[Git][security-tracker-team/security-tracker][fix-old-DSA-entries] 2261 commits: automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 13 13:54:08 BST 2025
Salvatore Bonaccorso pushed to branch fix-old-DSA-entries at Debian Security Tracker / security-tracker
Commits:
b665ca33 by security tracker role at 2025-07-09T20:12:38+00:00
automatic update
- - - - -
72ba92fc by security tracker role at 2025-07-09T20:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
2523fc88 by Salvatore Bonaccorso at 2025-07-09T22:35:43+02:00
Process some NFUs
- - - - -
c39e8672 by Salvatore Bonaccorso at 2025-07-09T22:37:15+02:00
Add three "new" luajit issues
- - - - -
9f3cd66d by Chris Lamb at 2025-07-09T13:47:26-07:00
Reserve DLA-4238-1 for sslh
- - - - -
8ea8ce1f by Salvatore Bonaccorso at 2025-07-10T05:52:13+02:00
Add initial tracking for gnutls28 issues
- - - - -
c50bf3b4 by Salvatore Bonaccorso at 2025-07-10T06:18:03+02:00
Add information on gnutls issues
- - - - -
e0c5f61f by Salvatore Bonaccorso at 2025-07-10T08:18:51+02:00
Add CVE-2025-7365/keycloak, itp'ed
- - - - -
e25b3e73 by Salvatore Bonaccorso at 2025-07-10T08:27:28+02:00
Add CVE-2025-7370 for libsoup
- - - - -
89994d65 by Salvatore Bonaccorso at 2025-07-10T08:46:52+02:00
Add CVE-2024-3634{8,9} (associate it with amd64-microcode, hw vulnerability)
- - - - -
f999af81 by Markus Koschany at 2025-07-10T08:52:35+02:00
Add amd64-microcode to dla-needed.txt
- - - - -
9360cb70 by Markus Koschany at 2025-07-10T08:52:35+02:00
Add gnutls28 to dla-needed.txt
- - - - -
a4b4981e by Markus Koschany at 2025-07-10T08:52:35+02:00
Add luajit to dla-needed.txt
- - - - -
1678fe56 by Markus Koschany at 2025-07-10T08:52:36+02:00
Add redis to dla-needed.txt
- - - - -
efc11e5c by Markus Koschany at 2025-07-10T08:53:33+02:00
Triage tidy-html5 for bullseye
- - - - -
55bf7ed5 by Salvatore Bonaccorso at 2025-07-10T09:16:49+02:00
Add Debian bug reference for amd64-microcode
- - - - -
bb564d24 by security tracker role at 2025-07-10T08:12:12+00:00
automatic update
- - - - -
782c1095 by security tracker role at 2025-07-10T08:13:45+00:00
automatic NOT-FOR-US entries update
- - - - -
e9b020a8 by Salvatore Bonaccorso at 2025-07-10T10:15:11+02:00
Add amd64-microcode to dsa-needed list
- - - - -
91da38c2 by Salvatore Bonaccorso at 2025-07-10T10:24:28+02:00
Remove todo item from one now rejected CVE
- - - - -
95aff53c by Salvatore Bonaccorso at 2025-07-10T10:29:23+02:00
Merge two Linux CVEs from kernel-sec update
- - - - -
c3731102 by Moritz Mühlenhoff at 2025-07-10T11:52:23+02:00
auto-nfu: Update Microsoft rule
- - - - -
a3c16b9b by Moritz Mühlenhoff at 2025-07-10T11:53:37+02:00
jq spu
- - - - -
7226e1e1 by Moritz Mühlenhoff at 2025-07-10T11:57:30+02:00
gst-plugins-bad1.0 fixed in sid
- - - - -
ab523cb7 by Adrian Bunk at 2025-07-10T13:07:51+03:00
dla: take gnutls28
- - - - -
b7934d5d by Salvatore Bonaccorso at 2025-07-10T12:28:51+02:00
Merge Linux CVE changes from kernel-sec
- - - - -
dd3474e8 by Salvatore Bonaccorso at 2025-07-10T12:43:43+02:00
Merge Linux CVEs from kernel-sec
- - - - -
6bf25d57 by "Lee Garrett" at 2025-07-10T13:35:41+02:00
LTS: claim git in dla-needed.txt
- - - - -
762382ce by Lee Garrett at 2025-07-10T15:07:31+02:00
Comment on git dla-needed
- - - - -
91abb220 by Guilhem Moulin at 2025-07-10T15:15:31+02:00
CVE-2025-6170/libxml2: Reference fixed commit
- - - - -
c9b63808 by Moritz Mühlenhoff at 2025-07-10T15:22:26+02:00
NFUs
- - - - -
bc10b130 by Moritz Mühlenhoff at 2025-07-10T15:30:13+02:00
auto-nfu: Add rule for Symantec
Total CVEs from symantec: 364
Total CVEs from symantec with packages assigned: 0
- - - - -
1d3ef755 by Moritz Mühlenhoff at 2025-07-10T15:34:13+02:00
new chmlib issue
- - - - -
f3cd9d70 by Moritz Mühlenhoff at 2025-07-10T15:44:30+02:00
new optee-os issue
- - - - -
dbc373f2 by Guilhem Moulin at 2025-07-10T15:53:02+02:00
Triage CVE-2025-49795/libxml2 for bullseye
And add reference to the commit introducing the issue. value-of tag support was
added in v2.10.0, see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0 .
- - - - -
267f5838 by Chris Lamb at 2025-07-10T08:19:49-07:00
data/dla-needed.txt: Claim redis.
- - - - -
39dc087b by Markus Koschany at 2025-07-10T18:13:56+02:00
CVE-2025-6297,dpkg: bullseye is postponed
Minor issue
- - - - -
ce873d53 by Markus Koschany at 2025-07-10T18:23:01+02:00
Add erlang to dla-needed.txt
- - - - -
8692f065 by Markus Koschany at 2025-07-10T18:30:29+02:00
Add libcommons-fileupload-java to dla-needed.txt and claim it
Identical vulnerability as in tomcat9
- - - - -
1d1ed72d by Markus Koschany at 2025-07-10T18:33:45+02:00
Triage libssh CVE as postponed for bullseye
Minor issues
- - - - -
b65bc056 by Markus Koschany at 2025-07-10T18:35:22+02:00
CVE-2025-XXXX,qbittorrent: bullseye is postponed
Minor issue
- - - - -
b06af3f1 by Markus Koschany at 2025-07-10T18:37:00+02:00
CVE-2025-6140,spdlog: bullseye is postponed
Minor issue
- - - - -
84243ae0 by Markus Koschany at 2025-07-10T18:38:01+02:00
Add thunderbird to dla-needed.txt
- - - - -
e8416151 by Markus Koschany at 2025-07-10T18:47:39+02:00
Add libowasp-esapi-java to dla-needed.txt
- - - - -
ec300121 by Markus Koschany at 2025-07-10T19:00:39+02:00
Add php7.4 to dla-needed.txt
- - - - -
4717c5f9 by Guilhem Moulin at 2025-07-10T19:24:04+02:00
LTS: claim php7.4 in dla-needed.txt
- - - - -
2f09b939 by Salvatore Bonaccorso at 2025-07-10T20:37:37+02:00
Mark CVE-2025-5024 as no-dsa
- - - - -
abd648d4 by Adrian Bunk at 2025-07-10T21:50:20+03:00
dla: take thunderbird
Only announcement needed
- - - - -
bc9889a1 by Salvatore Bonaccorso at 2025-07-10T21:05:02+02:00
Update status for CVE-2025-49014/jq
Note, it is safe to mark here trixie, even if trixie was not yet
released as stable, as jq from unstable won't anymore propagate to
trixie, and trixie got already a separate jq update via
testing-proposed-updates (1.7.1-6+deb13u1).
- - - - -
0ea49190 by Salvatore Bonaccorso at 2025-07-10T21:22:27+02:00
Update status for CVE-2025-48172
This is actually specific to code introduced in sumatrapdf, so might
actually be reassigned to sumatrapdf (NFU)
- - - - -
2637c684 by Salvatore Bonaccorso at 2025-07-10T21:30:58+02:00
Update status for CVE-2025-49795/libxml2
Thanks: Guilhem Moulin for the triage.
- - - - -
ba63e696 by Salvatore Bonaccorso at 2025-07-10T21:58:36+02:00
Add Debian bug reference for CVE-2025-46733/optee-os
- - - - -
9fbd07f5 by security tracker role at 2025-07-10T20:12:43+00:00
automatic update
- - - - -
ef62227a by security tracker role at 2025-07-10T20:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
a7f0e980 by Salvatore Bonaccorso at 2025-07-10T22:39:12+02:00
Add two new libxslt issues
- - - - -
9fa561a5 by Salvatore Bonaccorso at 2025-07-10T23:00:01+02:00
Process some NFUs
- - - - -
71cedf2a by Salvatore Bonaccorso at 2025-07-10T23:26:29+02:00
Process some NFUs
- - - - -
49c3e41f by Salvatore Bonaccorso at 2025-07-10T23:27:07+02:00
Add CVE-2025-53630/llama.cpp
- - - - -
5e5e7e2d by Salvatore Bonaccorso at 2025-07-10T23:29:41+02:00
Add CVE-2025-52473/liboqs
- - - - -
08815930 by Salvatore Bonaccorso at 2025-07-10T23:41:57+02:00
Add new apache2 issues
- - - - -
7cb2a396 by Salvatore Bonaccorso at 2025-07-10T23:51:03+02:00
Add new tomcat issues
- - - - -
7c2b21d3 by Markus Koschany at 2025-07-11T06:01:26+02:00
Claim libowasp-esapi-java in dla-needed.txt
- - - - -
71a83cf9 by Salvatore Bonaccorso at 2025-07-11T06:21:18+02:00
Track fixes for linux via unstable upload
- - - - -
ca2d280f by Moritz Muehlenhoff at 2025-07-11T10:04:32+02:00
NFUs
- - - - -
45da26bf by Moritz Muehlenhoff at 2025-07-11T10:08:55+02:00
new gitlab issues
- - - - -
093454f9 by security tracker role at 2025-07-11T08:12:28+00:00
automatic update
- - - - -
73586328 by security tracker role at 2025-07-11T08:13:31+00:00
automatic NOT-FOR-US entries update
- - - - -
f7488aec by Salvatore Bonaccorso at 2025-07-11T10:25:37+02:00
Track fixed version for apache2 issues
- - - - -
f6f1ea3e by Salvatore Bonaccorso at 2025-07-11T10:44:25+02:00
Process some NFUs
- - - - -
4ff417a9 by Moritz Muehlenhoff at 2025-07-11T11:10:54+02:00
bookworm triage
- - - - -
0d6345a1 by Moritz Muehlenhoff at 2025-07-11T12:34:02+02:00
NFUs
- - - - -
77dd9c4f by Moritz Muehlenhoff at 2025-07-11T12:42:45+02:00
auto-nfu: Add rule for Advantech
- - - - -
3a9a5b66 by Moritz Muehlenhoff at 2025-07-11T13:00:39+02:00
optee-os fixed in sid
- - - - -
55d01a6e by Francois Lesueur at 2025-07-11T14:08:45+00:00
Identify CVEs covered by a DLA and not a DSA
Fixes https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/69
- - - - -
d74b1cc5 by Roberto C. Sánchez at 2025-07-11T14:08:45+00:00
Merge branch 'master' into 'master'
Identify CVEs covered by a DLA and not a DSA
See merge request security-tracker-team/security-tracker!220
- - - - -
9adedd91 by Salvatore Bonaccorso at 2025-07-11T16:43:20+02:00
Add Debian bug references for golang issues
- - - - -
37ef9348 by Salvatore Bonaccorso at 2025-07-11T16:52:56+02:00
Add Debian bug reference for tomcat issues
- - - - -
6b0bda56 by Emmanuel Arias at 2025-07-11T18:49:19+02:00
Doc: from trixie python3-legacy-cgi must be installed
cgi module was removed from py3.13. So, from trixie python3-legacy-cgi
is required. This commit adds this to documentation
- - - - -
1a1a380d by Salvatore Bonaccorso at 2025-07-11T20:21:21+02:00
Add references for two cpp-httplib issues
- - - - -
b87b3209 by Salvatore Bonaccorso at 2025-07-11T20:26:45+02:00
Add CVE-2025-48924/libcommons-lang*-java
- - - - -
f49d9f91 by Salvatore Bonaccorso at 2025-07-11T21:16:33+02:00
Add Debian bug references for libxslt issues
- - - - -
8d8ff26c by Salvatore Bonaccorso at 2025-07-11T21:23:08+02:00
Add Debian bug reference for CVE-2025-53630
- - - - -
cd8fd064 by Salvatore Bonaccorso at 2025-07-11T21:28:15+02:00
Merge branch 'add-legaci-cgi-install-trixie' into 'master'
Doc: from trixie python3-legacy-cgi must be installed
See merge request security-tracker-team/security-tracker!232
- - - - -
84d17966 by Salvatore Bonaccorso at 2025-07-11T21:30:46+02:00
Add Debian bug references for commons-lang issues
- - - - -
a681e0ec by Salvatore Bonaccorso at 2025-07-11T21:34:21+02:00
doc/security_tracker: Update wording on the additional dependency
Once we will update the security-tracker host together with DSA, we will
need to add this additional dependency to the required metapackage.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
97372d4c by security tracker role at 2025-07-11T20:12:44+00:00
automatic update
- - - - -
f68d1ef7 by security tracker role at 2025-07-11T20:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
dff74dc4 by Salvatore Bonaccorso at 2025-07-11T22:19:23+02:00
Process some NFUs
- - - - -
d7c8cd27 by Salvatore Bonaccorso at 2025-07-11T22:21:01+02:00
Add CVE-2025-45582/tar
- - - - -
9d7c4d22 by Salvatore Bonaccorso at 2025-07-11T22:25:52+02:00
Add CVE-2025-5992/qt6-base
- - - - -
c0d61d40 by Adrian Bunk at 2025-07-11T23:53:28+03:00
Reserve DLA-4239-1 for thunderbird
- - - - -
38f3df40 by Moritz Mühlenhoff at 2025-07-12T00:40:32+02:00
cloud-init spu
- - - - -
cd3eb97b by security tracker role at 2025-07-12T08:12:31+00:00
automatic update
- - - - -
56e7000e by security tracker role at 2025-07-12T08:13:26+00:00
automatic NOT-FOR-US entries update
- - - - -
750061ac by Moritz Muehlenhoff at 2025-07-12T12:13:52+02:00
add direct commit reference
- - - - -
72ca4f72 by Sylvain Beucler at 2025-07-12T14:21:03+02:00
Update Ubuntu CVE status URL
https://people.canonical.com/~ubuntu-security/cve/*
now redirects to https://ubuntu.com/security/* .
- - - - -
086e3363 by Sylvain Beucler at 2025-07-12T14:30:50+02:00
Fix links with extra trailing characters (Closes: #994897)
Proper URL validation is pretty complex, so we're only adding a
heuristic against common issues (sentence-closing period or
parenthesis without space right after a URL).
Examples:
- CVE-2019-11841: "See https://github.com/golang/go/issues/41200."
- CVE-2025-3576: "(cf. https://web.mit.edu/kerberos/krb5-1.21/)"
- CVE-2024-36462: "in https://github.com/.../036f3e14be3, first"
- CVE-2024-27280: "bugfix for https://bugs.ruby-lang.org/issues/19389:"
- CVE-2009-0676: "in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>"
False-positives analysis:
- '.,:' technically valid in URLs, but no valid occurrences in the tracker;
- ')>' should be URL-encoded in the non-hostname part of the URL.
- - - - -
244187f8 by Sylvain Beucler at 2025-07-12T16:20:01+02:00
Drop lts-needs-forward-port.py
Replaced by new code within lts-cve-triage.py (cf. !220)
- - - - -
d199eef4 by Roberto C. Sánchez at 2025-07-12T14:29:03+00:00
Merge branch 'remove-duplicate-lts-needs-forward-port' into 'master'
Drop lts-needs-forward-port.py
See merge request security-tracker-team/security-tracker!236
- - - - -
3a0f5180 by Utkarsh Gupta at 2025-07-12T22:14:25+05:30
Take ruby-graphql for bullseye
- - - - -
57107d4a by Salvatore Bonaccorso at 2025-07-12T21:39:22+02:00
Track fixed version for libsoup3 issues via unstable
- - - - -
46f800fb by Salvatore Bonaccorso at 2025-07-12T22:03:46+02:00
Process some NFUs
- - - - -
5fd803a9 by Salvatore Bonaccorso at 2025-07-12T22:08:11+02:00
Add CVE-2025-7464/gobgp
- - - - -
40cd980c by security tracker role at 2025-07-12T20:14:03+00:00
automatic update
- - - - -
56f96728 by security tracker role at 2025-07-12T20:18:42+00:00
automatic NOT-FOR-US entries update
- - - - -
d61862e2 by Salvatore Bonaccorso at 2025-07-12T22:25:41+02:00
Process some more NFUs
- - - - -
733c3c56 by Salvatore Bonaccorso at 2025-07-12T22:33:08+02:00
Process more NFUs
- - - - -
249b9cfd by Salvatore Bonaccorso at 2025-07-12T22:33:30+02:00
Add CVE-2025-7485/open5gs
- - - - -
3104862a by Markus Koschany at 2025-07-12T23:22:35+02:00
Add apache2 to dla-needed.txt
- - - - -
cda747aa by Chris Lamb at 2025-07-12T14:37:42-07:00
Reserve DLA-4240-1 for redis
- - - - -
ecf5380f by Salvatore Bonaccorso at 2025-07-13T07:36:26+02:00
Track fixed version for CVE-2025-7345/gdk-pixbuf via unstable
- - - - -
88b0067d by Salvatore Bonaccorso at 2025-07-13T07:39:59+02:00
Track fixed version for redis issues via unstable
- - - - -
e1fb4976 by Salvatore Bonaccorso at 2025-07-13T07:45:57+02:00
Update status for CVE-2025-53630/llama.cpp and add ggml
- - - - -
578f718d by Salvatore Bonaccorso at 2025-07-13T07:48:11+02:00
Bug for llama.cpp and ggml reassigned
- - - - -
cc3d404e by security tracker role at 2025-07-13T08:12:00+00:00
automatic update
- - - - -
ceba26bb by security tracker role at 2025-07-13T08:12:48+00:00
automatic NOT-FOR-US entries update
- - - - -
e425e268 by security tracker role at 2025-07-13T20:14:02+00:00
automatic update
- - - - -
94d12e28 by security tracker role at 2025-07-13T20:18:08+00:00
automatic NOT-FOR-US entries update
- - - - -
aa958e91 by Markus Koschany at 2025-07-13T23:47:13+02:00
CVE-2024-6174,CVE-2024-11584,cloud-init: bullseye is postponed
Minor issues
- - - - -
c5c90f6e by Markus Koschany at 2025-07-13T23:47:14+02:00
CVE-2025-6493,codemirror-js: bullseye is postponed
Minor issue
- - - - -
f3b6a222 by Markus Koschany at 2025-07-13T23:47:16+02:00
CVE-2025-5024,gnome-remote-desktop: bullseye is postponed
Minor issue
- - - - -
ad305952 by Markus Koschany at 2025-07-13T23:47:17+02:00
CVE-2025-7207,mruby: bullseye is postponed
Minor issue
- - - - -
664dbee9 by Markus Koschany at 2025-07-13T23:47:19+02:00
CVE-2025-6545,node-pbkdf2: bullseye is postponed
Minor issue
- - - - -
6b366e5d by Markus Koschany at 2025-07-13T23:47:19+02:00
Add gdk-pixbuf to dla-needed.txt
- - - - -
263d4969 by Markus Koschany at 2025-07-13T23:47:20+02:00
CVE-2025-52886,poppler: bullseye is postponed
Minor issue
- - - - -
830cb1f3 by Markus Koschany at 2025-07-13T23:47:21+02:00
Add rabbitmq-server to dla-needed.
Please help finding more information. Has been in "triaging" status since June.
Link to upstream issue tracker follows.
- - - - -
81255755 by Markus Koschany at 2025-07-13T23:47:22+02:00
CVE-2025-4674,golang-1.15: bullseye is postponed
Minor issue
- - - - -
55344bb7 by Markus Koschany at 2025-07-13T23:57:57+02:00
Add libcommons-lang{3}-java to dla-needed.txt
- - - - -
e771cbc2 by Markus Koschany at 2025-07-14T00:09:19+02:00
Link to rabbitmq-server upstream discussion in dla-needed.txt
- - - - -
818b4aae by Moritz Muehlenhoff at 2025-07-14T08:42:55+02:00
NFUs
- - - - -
cea5e2bc by Moritz Muehlenhoff at 2025-07-14T09:05:10+02:00
add reference for CVE-2025-1244
- - - - -
d60c1b6a by Moritz Muehlenhoff at 2025-07-14T09:27:43+02:00
new rust-static-alloc issue
- - - - -
2579e487 by Moritz Muehlenhoff at 2025-07-14T09:37:40+02:00
auto-nfu: Add rule for Cato
Total CVEs from Cato: 7
Total CVEs from Cato with packages assigned: 0
Scope: All Cato Networks products and vulnerabilities in third-party
products affecting Cato products unless covered by the scope of
another CNA.
- - - - -
e364e4e1 by Moritz Muehlenhoff at 2025-07-14T09:41:10+02:00
mbedtls fixed in sid
- - - - -
82d2f2f8 by Moritz Muehlenhoff at 2025-07-14T09:42:08+02:00
python-urllib3 fixed in sid
- - - - -
58c9a37b by Moritz Muehlenhoff at 2025-07-14T09:47:30+02:00
new ghostscript issue
- - - - -
0c196614 by Sylvain Beucler at 2025-07-14T09:57:14+02:00
dla: clarify rabbitmq-server status
- - - - -
d386d4e9 by security tracker role at 2025-07-14T08:12:46+00:00
automatic update
- - - - -
62cd3711 by security tracker role at 2025-07-14T08:14:01+00:00
automatic NOT-FOR-US entries update
- - - - -
ac866c84 by Moritz Muehlenhoff at 2025-07-14T10:24:21+02:00
NFUs
- - - - -
0d755087 by Moritz Muehlenhoff at 2025-07-14T10:36:09+02:00
new binutils issues
- - - - -
124c95f7 by Moritz Mühlenhoff at 2025-07-14T12:37:44+02:00
libsoup3 spu
- - - - -
ab8c2044 by Adrian Bunk at 2025-07-14T14:12:47+03:00
CVE-2023-660{2,4,5}/ffmpeg are already fixed in trixie
- - - - -
dfde5ccc by Adrian Bunk at 2025-07-14T14:19:31+03:00
Reserve DLA-4241-1 for ffmpeg
- - - - -
9ac9fe89 by Emilio Pozuelo Monfort at 2025-07-14T14:22:35+02:00
Take frontdesk week
- - - - -
cc35a0d8 by Salvatore Bonaccorso at 2025-07-14T14:28:01+02:00
Associate some egroupware CVEs with removed package
- - - - -
a753212d by Salvatore Bonaccorso at 2025-07-14T14:31:26+02:00
Track fixed version for rust-static-alloc issue
- - - - -
b7ed9d1e by Salvatore Bonaccorso at 2025-07-14T14:39:13+02:00
Track fixed version for CVE-2025-49087/mbedtls via unstable
- - - - -
00bb2578 by Salvatore Bonaccorso at 2025-07-14T14:41:02+02:00
Track fixed version for mbedtls via unstable for CVE-2025-48965
- - - - -
62b10d11 by Salvatore Bonaccorso at 2025-07-14T14:42:38+02:00
Track fixed version for CVE-2025-47917 via unstable
- - - - -
5dff4411 by Salvatore Bonaccorso at 2025-07-14T14:53:19+02:00
Update status for CVE-2025-7462/ghostscript
- - - - -
96f607b7 by Salvatore Bonaccorso at 2025-07-14T14:56:44+02:00
Add Debian bug reference for CVE-2025-7345/gdk-pixbuf
- - - - -
dabf3664 by Salvatore Bonaccorso at 2025-07-14T14:58:49+02:00
Add Debian bug reference for CVE-2025-7462
- - - - -
e3bf56b7 by Salvatore Bonaccorso at 2025-07-14T15:18:35+02:00
Add temporary entry for devscripts issue
- - - - -
2558edd8 by Moritz Muehlenhoff at 2025-07-14T15:40:44+02:00
track CVE-2025-21311 for squid
- - - - -
f371b2f4 by Sylvain Beucler at 2025-07-14T15:41:46+02:00
CVE-2025-49809/mtr: bullseye postponed
- - - - -
ab631f46 by Adrian Bunk at 2025-07-14T17:02:16+03:00
CVE-2025-7345/gdk-pixbuf: Link to regression report
- - - - -
5e185012 by Salvatore Bonaccorso at 2025-07-14T16:04:57+02:00
Mark CVE-2025-29606 as NFU
- - - - -
7978ae3d by Salvatore Bonaccorso at 2025-07-14T16:32:01+02:00
Mark CVE-2025-7345 as postponed (but not DSA planned)
- - - - -
1b904958 by Roberto C. Sánchez at 2025-07-14T11:13:30-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
a003c714 by Guilhem Moulin at 2025-07-14T17:45:39+02:00
LTS: reclaim libxml2 and mediawiki in dla-needed.txt
- - - - -
4625bd24 by Salvatore Bonaccorso at 2025-07-14T18:25:18+02:00
Update Linux CVEs based on triage in kernel-sec
- - - - -
a2174380 by Francois Lesueur at 2025-07-14T16:28:08+00:00
Detect issues fixed in buster and bookworm but not in bullseye
- - - - -
1a7d17be by Sylvain Beucler at 2025-07-14T16:28:08+00:00
Merge branch 'issue-11' into 'master'
Detect issues fixed in buster and bookworm but not in bullseye
See merge request security-tracker-team/security-tracker!222
- - - - -
84c33774 by Sylvain Beucler at 2025-07-14T19:10:28+02:00
CVE-2025-7462/ghostscript: bullseye postponed
- - - - -
48058cfc by Salvatore Bonaccorso at 2025-07-14T20:32:45+02:00
Merge branch 'ubuntu-url' into 'master'
Update Ubuntu CVE status URL
See merge request security-tracker-team/security-tracker!235
- - - - -
82ecdfef by Sylvain Beucler at 2025-07-14T21:49:30+02:00
dla: add mbedtls
- - - - -
b90f3cff by security tracker role at 2025-07-14T20:12:58+00:00
automatic update
- - - - -
e08075f6 by security tracker role at 2025-07-14T20:14:40+00:00
automatic NOT-FOR-US entries update
- - - - -
e6ec3ff4 by Salvatore Bonaccorso at 2025-07-14T22:16:18+02:00
Add Debian bug reference for CVE-2025-5992/qt6-base
- - - - -
ac9d8f44 by Salvatore Bonaccorso at 2025-07-14T22:16:20+02:00
Add Debian bug reference for CVE-2025-7464
- - - - -
4854605b by Salvatore Bonaccorso at 2025-07-14T22:20:08+02:00
Process some NFUs
- - - - -
e6c12388 by Salvatore Bonaccorso at 2025-07-14T22:22:11+02:00
Add new policykit-1 issue
- - - - -
0d50ea0c by Moritz Muehlenhoff at 2025-07-14T22:43:58+02:00
NFUs
- - - - -
a467ee3a by Bastien Roucariès at 2025-07-14T22:54:20+02:00
Take apache2 and angular
- - - - -
97173307 by Moritz Muehlenhoff at 2025-07-14T22:58:50+02:00
auto-nfu: Add rule for OMRON
Total CVEs from OMRON: 4
Total CVEs from OMRON with packages assigned: 0
Scope: Omron Group companies’ Industrial Automation, Healthcare,
Social Systems, Device & Module Solutions issues only.
- - - - -
644cc9e9 by Bastien Roucariès at 2025-07-14T23:16:17+02:00
Add a note about apache2
- - - - -
b09e6131 by Salvatore Bonaccorso at 2025-07-14T23:21:46+02:00
Process some NFUs
- - - - -
0ff00b55 by Salvatore Bonaccorso at 2025-07-15T07:15:11+02:00
Update status for policykit-1
- - - - -
5e9d6065 by Salvatore Bonaccorso at 2025-07-15T07:25:51+02:00
Process some new imagemagick issues
- - - - -
de95d066 by Moritz Muehlenhoff at 2025-07-15T08:38:07+02:00
new pandoc issue
- - - - -
5768c404 by Salvatore Bonaccorso at 2025-07-15T08:47:52+02:00
Add apache2 to list of packages fixed by "micro releases"
- - - - -
d0b05cd0 by Salvatore Bonaccorso at 2025-07-15T08:52:54+02:00
Reference fixes for apache2 issues
- - - - -
2fa31acf by Salvatore Bonaccorso at 2025-07-15T09:06:15+02:00
Add gnutls28 to dsa-needed list
- - - - -
6b3908c0 by Moritz Muehlenhoff at 2025-07-15T09:26:26+02:00
new jackrabbit issue
- - - - -
1c2c213c by Moritz Muehlenhoff at 2025-07-15T09:39:32+02:00
new python-aiohttp issue
- - - - -
a7fe7495 by Moritz Muehlenhoff at 2025-07-15T10:01:07+02:00
NFUs
- - - - -
6a80be05 by security tracker role at 2025-07-15T08:12:15+00:00
automatic update
- - - - -
4d4395dd by security tracker role at 2025-07-15T08:13:16+00:00
automatic NOT-FOR-US entries update
- - - - -
62fe22c3 by Moritz Muehlenhoff at 2025-07-15T10:24:29+02:00
auto-nfu: Add rule for Palantir
- - - - -
16046bde by Moritz Muehlenhoff at 2025-07-15T10:41:55+02:00
auto-nfu: Add rule for Directus
- - - - -
acef10d3 by Moritz Muehlenhoff at 2025-07-15T10:44:03+02:00
NFUs
- - - - -
645b7ea3 by Moritz Muehlenhoff at 2025-07-15T10:50:33+02:00
fix entry
- - - - -
ee3ec022 by Moritz Muehlenhoff at 2025-07-15T10:51:26+02:00
nix n/a
- - - - -
b1fb83f3 by Moritz Muehlenhoff at 2025-07-15T11:54:40+02:00
new ruby issue
- - - - -
3fe8c981 by Sylvain Beucler at 2025-07-15T13:34:37+02:00
lts-cve-triage: filter out packages already in dla-needed.txt
These don't need immediate FD attention.
Now that we point at the Freexian tracker URLs, LTS contributors
should also have a clearer view of what's inconsistent with prev/next releases.
This is also consistent with the rest of the output.
- - - - -
662629f7 by Moritz Muehlenhoff at 2025-07-15T14:53:11+02:00
bugnums
- - - - -
026adbc7 by Moritz Muehlenhoff at 2025-07-15T14:54:08+02:00
ruby-rack-session fixed in sid
- - - - -
35e338d8 by Salvatore Bonaccorso at 2025-07-15T14:59:21+02:00
Update status for CVE-2025-53630
- - - - -
ca2bc404 by Salvatore Bonaccorso at 2025-07-15T15:03:10+02:00
Document ggml and llama.cpp (and whisper.cpp)
- - - - -
28304fb4 by Andrej Shadura at 2025-07-15T15:14:00+02:00
Claim jgit
- - - - -
437bc92a by Salvatore Bonaccorso at 2025-07-15T15:27:42+02:00
Mark CVE-2025-7464/gobgp as no-dsa
- - - - -
1ea0872d by Daniel Leidert at 2025-07-15T16:43:40+02:00
LTS: claim nagvis in dla-needed.txt
- - - - -
adb23984 by Daniel Leidert at 2025-07-15T16:43:48+02:00
LTS: claim u-boot in dla-needed.txt
- - - - -
5c3828bc by Thorsten Alteholz at 2025-07-15T19:01:03+02:00
claim suricata
- - - - -
15f66eaa by Salvatore Bonaccorso at 2025-07-15T21:02:04+02:00
Track fixed version for CVE-2025-27151/redis via unstable
The tagged 5:8.0.2-1 in the packaging repository apparently never hit
unstable and the first version to unstable containing the fix is
5:8.0.2-2. Mark the tracker accordingly.
- - - - -
72348c8d by Salvatore Bonaccorso at 2025-07-15T21:04:18+02:00
Track fixed version for ruby-rack issues fixed via unstable
- - - - -
cc12edae by Sylvain Beucler at 2025-07-15T21:12:10+02:00
CVE-2025-7519/policykit-1: bullseye postponed
- - - - -
04fda2d6 by Salvatore Bonaccorso at 2025-07-15T21:15:34+02:00
Add reference for redis for CVE-2025-49112
- - - - -
373abc13 by Salvatore Bonaccorso at 2025-07-15T21:16:36+02:00
Fix previously introduced typo in package note for CVE-2025-7519
- - - - -
0a90b8fb by Sylvain Beucler at 2025-07-15T21:28:43+02:00
CVE-2025-53689/jackrabbit: introductory commit
- - - - -
8c6bac37 by Salvatore Bonaccorso at 2025-07-15T22:02:18+02:00
Add additional upstream references for CVE-2025-53689
- - - - -
24a43bb6 by security tracker role at 2025-07-15T20:12:42+00:00
automatic update
- - - - -
bec15847 by security tracker role at 2025-07-15T20:14:15+00:00
automatic NOT-FOR-US entries update
- - - - -
6f4c6746 by Salvatore Bonaccorso at 2025-07-15T22:22:42+02:00
Add new chromium issues
- - - - -
81892fee by Salvatore Bonaccorso at 2025-07-15T22:23:35+02:00
Add chromium to dsa-needed list
- - - - -
aab8f640 by Salvatore Bonaccorso at 2025-07-15T22:29:19+02:00
Add CVE-2025-6965/sqlite3
- - - - -
1991cde5 by Salvatore Bonaccorso at 2025-07-15T22:31:00+02:00
Process some NFUs
- - - - -
43a996b5 by Salvatore Bonaccorso at 2025-07-15T22:33:42+02:00
Remove notes from rejected CVE
- - - - -
cceb8d35 by Salvatore Bonaccorso at 2025-07-15T22:45:15+02:00
Add new virtualbox issues
- - - - -
0da83539 by Salvatore Bonaccorso at 2025-07-15T22:54:32+02:00
auto-nfu: Add more products covered for Oracle CNA rule
- - - - -
bb1e68e1 by Salvatore Bonaccorso at 2025-07-15T22:55:11+02:00
Process more NFUs
- - - - -
94074260 by Salvatore Bonaccorso at 2025-07-15T22:57:00+02:00
Update status for some Linux CVEs
- - - - -
bfd33bdc by Bastien Roucariès at 2025-07-15T23:10:18+02:00
Add a note about CVE-2025-53014/imagemagick
- - - - -
3974303b by Salvatore Bonaccorso at 2025-07-15T23:12:19+02:00
Process some NFUs
- - - - -
1a431c1f by Salvatore Bonaccorso at 2025-07-15T23:12:21+02:00
Add new CVEs for Oracle MySQL
- - - - -
8783da8d by Salvatore Bonaccorso at 2025-07-15T23:12:23+02:00
Add two Tiki Wiki CMS issues
- - - - -
281739f8 by Salvatore Bonaccorso at 2025-07-15T23:27:05+02:00
Process some NFUs
- - - - -
830f5857 by Salvatore Bonaccorso at 2025-07-15T23:27:45+02:00
auto-nfu: Add more covered products for Oracle CNA
- - - - -
fd79e5ef by Salvatore Bonaccorso at 2025-07-15T23:30:23+02:00
Process some NFUs
- - - - -
a0d00ec9 by Bastien Roucariès at 2025-07-15T23:34:01+02:00
CVE-2025-53015/imagemagick
Add a note for commit
- - - - -
043b7400 by Salvatore Bonaccorso at 2025-07-16T07:28:04+02:00
Unify note style for fix reference in CVE-2025-53014
- - - - -
2ff2e439 by Salvatore Bonaccorso at 2025-07-16T07:31:41+02:00
Add followup commit for CVE-2025-53015
- - - - -
58ef69a6 by Salvatore Bonaccorso at 2025-07-16T07:33:50+02:00
Add commit reference for CVE-2025-53019/imagemagick
- - - - -
3698b66d by Moritz Muehlenhoff at 2025-07-16T08:56:47+02:00
two gnuplot issues fixed in sid
- - - - -
c69ab565 by Moritz Muehlenhoff at 2025-07-16T08:56:49+02:00
more gnuplot fixes
- - - - -
009d2d50 by Moritz Muehlenhoff at 2025-07-16T08:56:51+02:00
gnuplot commit references
- - - - -
61bddc63 by Moritz Muehlenhoff at 2025-07-16T09:09:23+02:00
auto-nfu: Update Oracle list
- - - - -
6965ca59 by Moritz Muehlenhoff at 2025-07-16T09:21:40+02:00
new java issues
- - - - -
079103b8 by Moritz Muehlenhoff at 2025-07-16T09:51:30+02:00
new vim issues
- - - - -
34a4fb70 by Moritz Muehlenhoff at 2025-07-16T09:53:50+02:00
chromium fixed in sid
- - - - -
edb081b8 by security tracker role at 2025-07-16T08:12:21+00:00
automatic update
- - - - -
018ed7b1 by security tracker role at 2025-07-16T08:13:11+00:00
automatic NOT-FOR-US entries update
- - - - -
935c9624 by Moritz Muehlenhoff at 2025-07-16T10:37:25+02:00
drop rejected libsoup issue
- - - - -
e532e916 by Moritz Muehlenhoff at 2025-07-16T10:41:12+02:00
NFUs
- - - - -
552c4d05 by Moritz Muehlenhoff at 2025-07-16T10:46:28+02:00
one more gnuplot issue fixed
- - - - -
e4deeb85 by Moritz Muehlenhoff at 2025-07-16T12:29:52+02:00
bugnums
- - - - -
8408db54 by Moritz Muehlenhoff at 2025-07-16T12:31:47+02:00
some random matomo CVE from 2017...
- - - - -
150e53a8 by Moritz Muehlenhoff at 2025-07-16T12:32:38+02:00
add openjdk reference
- - - - -
47d000f9 by Moritz Muehlenhoff at 2025-07-16T12:45:02+02:00
new n/a nodejs issues
- - - - -
5f60a5d3 by Moritz Muehlenhoff at 2025-07-16T12:52:16+02:00
Add initial CNA rule for Apache
- - - - -
bd125ef9 by Sylvain Beucler at 2025-07-16T13:41:34+02:00
dla: add openjdk-11, openjdk-17
- - - - -
258d8dee by Henri Salo at 2025-07-16T14:48:13+03:00
NFU CVE-2025-23267 NVIDIA Container Toolkit
- - - - -
46abca8c by Emilio Pozuelo Monfort at 2025-07-16T13:55:14+02:00
Fix syntax error in previous commit
- - - - -
057a1bc1 by Emilio Pozuelo Monfort at 2025-07-16T13:55:36+02:00
lts: take openjdk
- - - - -
ebcfbde7 by Sylvain Beucler at 2025-07-16T14:40:16+02:00
bin/lts-cve-triage.py and support scripts: add description and update copyright info
- - - - -
832e5b01 by Moritz Muehlenhoff at 2025-07-16T15:22:29+02:00
bookworm triage
- - - - -
a359e411 by Moritz Muehlenhoff at 2025-07-16T15:25:13+02:00
new libplack-middleware-session-perl issue
- - - - -
c64e0b13 by Moritz Muehlenhoff at 2025-07-16T16:12:16+02:00
NFUs
- - - - -
4fa14901 by Moritz Mühlenhoff at 2025-07-16T17:39:12+02:00
gnutls28 DSA
- - - - -
33c8dc2b by Salvatore Bonaccorso at 2025-07-16T18:00:50+02:00
Add references for two vim issues
- - - - -
1fb37131 by Moritz Muehlenhoff at 2025-07-16T18:15:45+02:00
new bind issue
- - - - -
e9b3f286 by Salvatore Bonaccorso at 2025-07-16T18:17:23+02:00
Associate CVE-2025-40918 with libauthen-sasl-perl
- - - - -
00023e6d by Sylvain Beucler at 2025-07-16T21:03:38+02:00
dla: gnutls stats update
- - - - -
7495a19f by Salvatore Bonaccorso at 2025-07-16T21:35:46+02:00
Update status for CVE-2025-40918
- - - - -
46600959 by Salvatore Bonaccorso at 2025-07-16T21:36:30+02:00
Add Debian bug reference for CVE-2025-40923
- - - - -
62d09054 by Salvatore Bonaccorso at 2025-07-16T21:46:56+02:00
Add Debian bug reference for CVE-2025-40918
- - - - -
34b14c38 by Salvatore Bonaccorso at 2025-07-16T21:48:19+02:00
Mark CVE-2025-40918 as no-dsa
- - - - -
976605ef by Sylvain Beucler at 2025-07-16T21:54:22+02:00
CVE-2025-53015/imagemagick: introductory commit
GetXmpNumeratorAndDenominator and patched code introduced in that version
- - - - -
157a5e83 by Sylvain Beucler at 2025-07-16T22:01:09+02:00
CVE-2025-40918/libauthen-sasl-perl: bullseye postponed
- - - - -
98d05c10 by security tracker role at 2025-07-16T20:12:07+00:00
automatic update
- - - - -
0ceca847 by security tracker role at 2025-07-16T20:13:07+00:00
automatic NOT-FOR-US entries update
- - - - -
7451246e by Sylvain Beucler at 2025-07-16T22:16:13+02:00
lts-cve-triage: improve reports documentation
triage_possible_missed_fixes: drop injunction 'to be fixed or
<ignored>' which is less adequate as the LTS Team is more active
with SPUs; what remains in this report is often low-priority or was
released too soon after the latest DLA, hence need not immediate
action
to_forward/from_elts: those were just added during DebCamp25 Security
Sprint and procedures are yet to be updated;
hint future FDs at caution
- - - - -
61662a6f by Moritz Muehlenhoff at 2025-07-16T22:17:19+02:00
NFUs
- - - - -
1c0bf808 by Moritz Muehlenhoff at 2025-07-16T22:18:33+02:00
new unbound issue
- - - - -
e641459f by Moritz Muehlenhoff at 2025-07-16T22:21:11+02:00
new icingadb-web issue
- - - - -
0c997e20 by Sylvain Beucler at 2025-07-16T22:21:46+02:00
CVE-2025-24294/ruby2.7: bullseye postponed
- - - - -
01573a7b by Moritz Muehlenhoff at 2025-07-16T22:24:42+02:00
NFUs
- - - - -
93d450e8 by Sylvain Beucler at 2025-07-16T22:41:40+02:00
CVE-2025-21311/squid: bullseye postponed
- - - - -
1d311850 by Bastien Roucariès at 2025-07-17T00:31:05+02:00
Take pam
- - - - -
44b4397f by Andres Salomon at 2025-07-17T02:01:03-04:00
chromium dsa
- - - - -
d74b4429 by Salvatore Bonaccorso at 2025-07-17T08:40:06+02:00
Update status for CVE-2025-53015/imagemagick
- - - - -
f4cd1559 by Salvatore Bonaccorso at 2025-07-17T08:41:35+02:00
Drop notes on CVEs which were withdrawn
- - - - -
d108c030 by Salvatore Bonaccorso at 2025-07-17T08:47:26+02:00
Add reference to fixing commit for CVE-2025-5994/unbound
- - - - -
9d89292c by Salvatore Bonaccorso at 2025-07-17T08:49:22+02:00
Track fix via experimental for icingadb-web
- - - - -
20ac0a0f by Salvatore Bonaccorso at 2025-07-17T08:56:02+02:00
Track fixed version for imagemagick CVEs fixed via unstable
- - - - -
c606542b by security tracker role at 2025-07-17T08:12:13+00:00
automatic update
- - - - -
7d252309 by security tracker role at 2025-07-17T08:13:03+00:00
automatic NOT-FOR-US entries update
- - - - -
f2adc4a7 by Emilio Pozuelo Monfort at 2025-07-17T10:59:35+02:00
Return Not Found if the source pkg does not exist
Based on a patch from Sylvain Beucler.
Fixes: #39
- - - - -
f4da61d1 by Emilio Pozuelo Monfort at 2025-07-17T09:16:22+00:00
Merge branch '994897-fix-url-links' into 'master'
Fix links with extra trailing characters (Closes: #994897)
See merge request security-tracker-team/security-tracker!234
- - - - -
494172d3 by Emilio Pozuelo Monfort at 2025-07-17T11:17:24+02:00
web_support: fix invalid escape sequence
Use an r-string for the escape characters.
- - - - -
73bbca29 by Carlos Henrique Lima Melara at 2025-07-17T11:52:11+02:00
LTS: re-claim systemd in data/dla-needed.txt
- - - - -
e964211e by Sylvain Beucler at 2025-07-17T13:01:43+02:00
dla: add libxslt
- - - - -
0cd2f449 by Salvatore Bonaccorso at 2025-07-17T13:55:03+02:00
Take libxslt and keep an eye on upstream movement for unstable first
- - - - -
318169ea by Salvatore Bonaccorso at 2025-07-17T14:16:06+02:00
Process some NFUs
- - - - -
ac12a138 by Salvatore Bonaccorso at 2025-07-17T14:16:40+02:00
Add CVE-2025-34120/limesurvey, itp'ed
- - - - -
c37b865b by Salvatore Bonaccorso at 2025-07-17T14:17:27+02:00
Add CVE-2025-40776/bind9
- - - - -
53b8344c by Salvatore Bonaccorso at 2025-07-17T14:20:52+02:00
auto-nfu: Sort list of products for cisco CNA
- - - - -
7e20df8c by Salvatore Bonaccorso at 2025-07-17T14:22:24+02:00
auto-nfu: Add another product for eclipse CNA
- - - - -
fc775895 by Salvatore Bonaccorso at 2025-07-17T14:23:03+02:00
Process some more NFUs
- - - - -
c738c700 by Sylvain Beucler at 2025-07-17T16:43:55+02:00
embedded-code-copies: precise pypy3 stdlib versions
- - - - -
25114e6e by Andrej Shadura at 2025-07-17T17:21:42+02:00
Give up jgit
- - - - -
eba671fb by Sylvain Beucler at 2025-07-17T17:32:58+02:00
pypy3: reference tar-related CVEs, bullseye (& bookworm) not-affected, trixie/sid unfixed
- - - - -
1590cdba by Sylvain Beucler at 2025-07-17T17:32:58+02:00
CVE-2025-6069/pypy3: bullseye postponed
- - - - -
b054207e by Sylvain Beucler at 2025-07-17T17:44:28+02:00
pypy3: note about tar-related CVEs fixed in experimental
- - - - -
0fb3b032 by Emilio Pozuelo Monfort at 2025-07-17T18:07:59+02:00
check-new-issues: don't print stats with --auto
We run --auto from cron to process NFUs.
- - - - -
bea8545a by Salvatore Bonaccorso at 2025-07-17T20:41:05+02:00
Track fixed version for CVE-2025-5994/unbound
- - - - -
46fbd545 by Salvatore Bonaccorso at 2025-07-17T20:41:57+02:00
Add Debian bug reference for unbound issue
- - - - -
914d974e by Sylvain Beucler at 2025-07-17T21:35:43+02:00
pypy3: reference recent py3-stdlib CVEs
- - - - -
e25392a7 by Salvatore Bonaccorso at 2025-07-17T21:59:12+02:00
Sync pypy3 status according to maintainer triage
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/219
- - - - -
dcd4d32a by Salvatore Bonaccorso at 2025-07-17T22:02:04+02:00
Update status in sync with MR!219 for pypy3
- - - - -
f3abb811 by Salvatore Bonaccorso at 2025-07-17T22:07:00+02:00
Track fixed version for openjdk-21 issues fixed via unstable
- - - - -
2858603f by Salvatore Bonaccorso at 2025-07-17T22:12:13+02:00
Track fixed version for virtualbox issues
- - - - -
4f74f4a8 by Salvatore Bonaccorso at 2025-07-17T22:51:54+02:00
Update status for CVE-2022-49501
- - - - -
e9683f74 by Salvatore Bonaccorso at 2025-07-17T23:24:09+02:00
Add CVE-2025-40924/libcatalyst-plugin-session-perl
- - - - -
15449d10 by Salvatore Bonaccorso at 2025-07-17T23:58:36+02:00
Add Debian bug reference for CVE-2025-40924/libcatalyst-plugin-session-perl
- - - - -
a21f5625 by Salvatore Bonaccorso at 2025-07-18T07:18:56+02:00
Process one NFU
- - - - -
94b8768c by Salvatore Bonaccorso at 2025-07-18T07:20:44+02:00
Add CVE-2025-27558 and track mitigations in Linux
- - - - -
fe62192c by Salvatore Bonaccorso at 2025-07-18T07:39:36+02:00
Add CVE-2025-7700/ffmpeg
- - - - -
96111719 by Salvatore Bonaccorso at 2025-07-18T07:45:39+02:00
Process one NFU
- - - - -
fde006fb by Salvatore Bonaccorso at 2025-07-18T09:33:36+02:00
Add new opencv issue
- - - - -
d5925153 by security tracker role at 2025-07-18T08:12:33+00:00
automatic update
- - - - -
560eb7b0 by security tracker role at 2025-07-18T08:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
74b5606d by Sylvain Beucler at 2025-07-18T10:40:23+02:00
dla: add pypy3
- - - - -
721135ee by Sylvain Beucler at 2025-07-18T11:05:46+02:00
dla: drop jgit
- - - - -
6a56b76c by Sylvain Beucler at 2025-07-18T11:28:37+02:00
CVE-2025-53905,CVE-2025-53906/vim: bullseye postponed
- - - - -
c89e5086 by Sylvain Beucler at 2025-07-18T11:42:58+02:00
CVE-2025-6965/bullseye: follow bookworm
- - - - -
34c373c2 by Sylvain Beucler at 2025-07-18T12:01:28+02:00
lts-cve-triage: clarify base URL choice for links
This also unifies links display across reports (notably 'from_elts').
See also:
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/222#note_628613
- - - - -
8ecf2c4b by Sylvain Beucler at 2025-07-18T12:07:15+02:00
CVE-2025-7700/ffmpeg: bullseye postponed
- - - - -
ab176cf5 by Adrian Bunk at 2025-07-18T13:23:27+03:00
CVE-2023-39355/freerdp2: Stop claiming it was fixed in DLA-3606-1
freerdp2 is not affected, see commit eca3b3c0 and commit 115c1d0d
- - - - -
ab14f391 by Adrian Bunk at 2025-07-18T14:39:42+03:00
CVE-2023-39355/freerdp2: Also remove DLA annotation
- - - - -
5aa87112 by Salvatore Bonaccorso at 2025-07-18T15:05:19+02:00
Update information on CVE-2025-53644/opencv
- - - - -
3ce48a2a by Salvatore Bonaccorso at 2025-07-18T15:11:35+02:00
Update status for CVE-2025-53644
Since 3.1.0+dfsg1-1~exp1 the embedded code copy of openjpeg2 is excluded
completely from source via Files-Excluded listing. Mark this version as
fixed version. Any CVE affecting openjpeg2 is handled separately and
this CVE was specific for OpenCV affected by the issue in the embedded
copy.
- - - - -
7fe71e7c by Salvatore Bonaccorso at 2025-07-18T15:26:37+02:00
Process some NFUs
- - - - -
93c453d6 by Salvatore Bonaccorso at 2025-07-18T15:36:01+02:00
Add CVE-2025-38349/linux
- - - - -
ab8955c5 by Sylvain Beucler at 2025-07-18T16:41:41+02:00
CVE-2019-13147/audiofile: bullseye postponed to align with other dists
- - - - -
6bf22210 by Sylvain Beucler at 2025-07-18T16:41:41+02:00
dla: add exempi
- - - - -
60a5d95f by Sylvain Beucler at 2025-07-18T16:41:41+02:00
dla: add modsecurity-crs
- - - - -
2df653bf by Sylvain Beucler at 2025-07-18T16:41:42+02:00
dla: add batik
- - - - -
faac3333 by Sylvain Beucler at 2025-07-18T17:50:59+02:00
CVE-2025-40924/libcatalyst-plugin-session-perl: bullseye postponed
- - - - -
69f0175f by Sylvain Beucler at 2025-07-18T17:52:22+02:00
CVE-2025-40923/libplack-middleware-session-perl: bullseye postponed
- - - - -
97e90b56 by Sylvain Beucler at 2025-07-18T17:56:30+02:00
CVE-2025-53643/python-aiohttp: bullseye postponed
- - - - -
d9ad1d4b by Sylvain Beucler at 2025-07-18T18:02:15+02:00
CVE-2025-0634,CVE-2025-53074,CVE-2025-53075/rlottie: follow bookworm triage for bullseye
- - - - -
ab82c6f4 by Adrian Bunk at 2025-07-18T21:45:39+03:00
dla: take exempi
- - - - -
1db62671 by Salvatore Bonaccorso at 2025-07-18T21:49:21+02:00
Track fixed version for three libxml2 CVEs
- - - - -
761b4355 by Salvatore Bonaccorso at 2025-07-18T21:50:38+02:00
CVE assigned for qbittorrent issue
- - - - -
20de9615 by Salvatore Bonaccorso at 2025-07-18T22:07:34+02:00
Add CVE-2025-7339/node-on-headers
- - - - -
064b36be by Salvatore Bonaccorso at 2025-07-18T22:08:26+02:00
Add two new grafana issues
- - - - -
74c674b0 by Salvatore Bonaccorso at 2025-07-18T22:10:01+02:00
Process some NFUs
- - - - -
ab8ba499 by Adrian Bunk at 2025-07-18T23:14:34+03:00
dla: take modsecurity-crs
- - - - -
790bc2eb by Salvatore Bonaccorso at 2025-07-18T22:16:46+02:00
Add new goldendict issue
- - - - -
4574631a by Salvatore Bonaccorso at 2025-07-18T22:37:58+02:00
Add two 7zip issues
- - - - -
f072978f by Salvatore Bonaccorso at 2025-07-18T22:45:07+02:00
Process some NFUs
- - - - -
abab11be by Adrian Bunk at 2025-07-19T00:09:55+03:00
Revert "Update status for CVE-2021-46310/djvulibre"
This reverts commit c98272b726ac5d5ebbaeb3da034367dbd7a64b23.
See #1052668.
- - - - -
aba3d762 by Adrian Bunk at 2025-07-19T00:13:38+03:00
dla: take batik
- - - - -
e9a7c85f by Salvatore Bonaccorso at 2025-07-19T07:41:50+02:00
Track progress of ceph regression with Debian bug
- - - - -
dbc98945 by Salvatore Bonaccorso at 2025-07-19T07:43:54+02:00
Track fixed version for CVE-2025-5992/qt6-base via unstable upload
- - - - -
3c764baf by Salvatore Bonaccorso at 2025-07-19T07:49:41+02:00
Track imagemagick fixes via trixie
Those CVEs could not anymore be fixed via unstable unless doing a
revert, which was not desirable here. So targeted fixes are going via
trixie without risk of being superseded by the upper version directly
via testing migration. Track those fixes.
- - - - -
2623d740 by Salvatore Bonaccorso at 2025-07-19T07:57:13+02:00
Track fixes for openjdk-24 via unstable
- - - - -
0f38d7df by Salvatore Bonaccorso at 2025-07-19T08:11:40+02:00
Add Debian bug reference for 7zip issues
- - - - -
0a5513a2 by Salvatore Bonaccorso at 2025-07-19T09:19:34+02:00
Add CVE-2025-38350/linux
- - - - -
764f8816 by security tracker role at 2025-07-19T08:11:59+00:00
automatic update
- - - - -
925ab1bf by security tracker role at 2025-07-19T08:12:52+00:00
automatic NOT-FOR-US entries update
- - - - -
2fdb8d2e by Sylvain Beucler at 2025-07-19T11:02:56+02:00
dla: erlang status update
- - - - -
4f5b4fbc by Sylvain Beucler at 2025-07-19T11:27:01+02:00
CVE-2025-53014,CVE-2025-53019,CVE-2025-53101/imagemagick: bullseye postponed
- - - - -
53875615 by Salvatore Bonaccorso at 2025-07-19T14:29:10+02:00
Remove todo from now (and finally) rejected CVE-2025-23090
- - - - -
1c2e3661 by Salvatore Bonaccorso at 2025-07-19T14:38:18+02:00
Process some NFUs
- - - - -
74ad31ce by Salvatore Bonaccorso at 2025-07-19T14:38:48+02:00
Update status for CVE-2025-38349/linux
- - - - -
1760f85b by Salvatore Bonaccorso at 2025-07-19T14:39:49+02:00
Add CVE-2025-38351/linux
- - - - -
d7578dab by Salvatore Bonaccorso at 2025-07-19T14:40:29+02:00
Add CVE-2025-7797/gpac
- - - - -
75202241 by Salvatore Bonaccorso at 2025-07-19T14:41:16+02:00
Add CVE-2025-7784/keycloak, itp'ed
- - - - -
6feb1aa4 by Salvatore Bonaccorso at 2025-07-19T14:41:53+02:00
Add initial tracking for some wolfssl issues
- - - - -
910dbe2b by Salvatore Bonaccorso at 2025-07-19T14:43:43+02:00
Add new mattermost-server CVEs
- - - - -
593075d5 by Salvatore Bonaccorso at 2025-07-19T14:56:32+02:00
Update status for 7zip related CVEs
- - - - -
e935096f by Salvatore Bonaccorso at 2025-07-19T15:04:04+02:00
Track fixed version for openjdk-11 via unstable
- - - - -
3907117c by Salvatore Bonaccorso at 2025-07-19T15:05:02+02:00
Add Debian bug reference for node-on-headers issue
- - - - -
a019f199 by Sylvain Beucler at 2025-07-19T20:11:32+02:00
dla: add p7zip-rar
- - - - -
5354797e by Salvatore Bonaccorso at 2025-07-19T20:14:34+02:00
Add CVE-2025-7783/node-form-data
- - - - -
0af07ab2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Process some NFUs
- - - - -
70f4ffa2 by Salvatore Bonaccorso at 2025-07-19T20:14:35+02:00
Add CVE-2025-53901/rust-wasmtime
- - - - -
d8cd22a3 by Sylvain Beucler at 2025-07-19T20:15:08+02:00
CVE-2025-7797/gpac: bullseye end-of-life
- - - - -
5fdc5627 by Salvatore Bonaccorso at 2025-07-19T20:18:23+02:00
Update status for CVE-2025-7395/wolfssl
- - - - -
189534cd by Salvatore Bonaccorso at 2025-07-19T20:22:30+02:00
Update status for CVE-2025-7394/wolfssl
- - - - -
74e72446 by Salvatore Bonaccorso at 2025-07-19T20:23:59+02:00
Update status for CVE-2025-7396/wolfssl
- - - - -
0ac1e237 by Salvatore Bonaccorso at 2025-07-19T20:25:17+02:00
Track fixed version for CVE-2025-7339/node-on-headers
- - - - -
ced7f768 by Salvatore Bonaccorso at 2025-07-19T22:06:34+02:00
Track fixed version for openjdk-17 issues
- - - - -
6df8314e by security tracker role at 2025-07-19T20:12:17+00:00
automatic update
- - - - -
2045841e by security tracker role at 2025-07-19T20:13:19+00:00
automatic NOT-FOR-US entries update
- - - - -
88411f26 by Salvatore Bonaccorso at 2025-07-19T22:15:13+02:00
Add Debian bug reference for CVE-2025-53901/rust-wasmtime
- - - - -
b7628abb by Salvatore Bonaccorso at 2025-07-19T22:37:55+02:00
Add Debian bug reference for CVE-2025-7394/wolfssl
- - - - -
2db195e9 by Salvatore Bonaccorso at 2025-07-19T22:39:25+02:00
Reference upstream commit for CVE-2025-40777/bind9
- - - - -
0bfb2700 by Salvatore Bonaccorso at 2025-07-19T23:00:01+02:00
Reference amd64-microcode changes needed for TSA mitigations
- - - - -
f26d1e4b by Salvatore Bonaccorso at 2025-07-19T23:06:16+02:00
Process some NFUs
- - - - -
61cb5fc5 by Bastien Roucariès at 2025-07-19T23:37:52+02:00
CVE-2022-25844/angular.js
For documentation purpose and ELTS fix as not vulnerable for stretch and buster
Vulnerable code is regex \s*\u00A4\s* that is not present
- - - - -
46989cd1 by Bastien Roucariès at 2025-07-20T00:22:07+02:00
Reserve DLA-4242-1 for angular.js
- - - - -
e344bbfe by Salvatore Bonaccorso at 2025-07-20T07:28:03+02:00
Mark two more CVEs no-dsa/postponed for angular.js
- - - - -
61f2592e by Salvatore Bonaccorso at 2025-07-20T07:30:28+02:00
Track fixes for angular.js via unstable
- - - - -
abeb59ac by Salvatore Bonaccorso at 2025-07-20T07:39:36+02:00
Track proposed update for angular.js via bookworm-pu
- - - - -
f65570a9 by Salvatore Bonaccorso at 2025-07-20T07:59:00+02:00
Reference fix for CVE-2021-46312
- - - - -
cee4c4be by Salvatore Bonaccorso at 2025-07-20T08:08:29+02:00
Update status for commons-vfs, will be fixed via point release
- - - - -
2c9c7680 by Salvatore Bonaccorso at 2025-07-20T08:16:24+02:00
Document that maintainer of redis is working on updates
- - - - -
c5620e07 by Salvatore Bonaccorso at 2025-07-20T08:28:28+02:00
Add Debian bug reference for CVE-2025-7783
- - - - -
1d757a50 by Salvatore Bonaccorso at 2025-07-20T09:42:00+02:00
Add temporary entry for krusader issue
- - - - -
1cf51c1b by security tracker role at 2025-07-20T08:12:47+00:00
automatic update
- - - - -
24bf215a by security tracker role at 2025-07-20T08:14:25+00:00
automatic NOT-FOR-US entries update
- - - - -
8c6560d8 by Salvatore Bonaccorso at 2025-07-20T15:18:58+02:00
Add Debian bug reference for binutils issues
- - - - -
8a91ed56 by Salvatore Bonaccorso at 2025-07-20T15:31:06+02:00
Track fixed version for CVE-2025-48734/commons-beanutils
- - - - -
cc382c93 by Salvatore Bonaccorso at 2025-07-20T15:40:53+02:00
Process some NFUs
- - - - -
3cfa906e by Salvatore Bonaccorso at 2025-07-20T15:42:21+02:00
Mark imagemagick issues as no-dsa for bookworm
- - - - -
091ae512 by Salvatore Bonaccorso at 2025-07-20T20:47:17+02:00
Revert tracking of fixed version for trixie for imagemagick
Release team does not agree that the fix should go via
trixie-proposed-updates since there was some discussion already on the
state of imagemagick in https://bugs.debian.org/1109572#12 and the
earlier https://bugs.debian.org/1104632#29
- - - - -
2f7b9101 by Salvatore Bonaccorso at 2025-07-20T21:55:25+02:00
Fix typo in note for CVE-2025-53644
- - - - -
c0becd4e by security tracker role at 2025-07-20T20:12:13+00:00
automatic update
- - - - -
72f73df1 by security tracker role at 2025-07-20T20:13:08+00:00
automatic NOT-FOR-US entries update
- - - - -
2e73b03f by Adrian Bunk at 2025-07-20T23:14:08+03:00
Reserve DLA-4243-1 for batik
- - - - -
fe5fa8d7 by Salvatore Bonaccorso at 2025-07-20T22:15:51+02:00
Add CVE-2025-7738
- - - - -
9e0b3911 by Salvatore Bonaccorso at 2025-07-20T22:26:06+02:00
Process some NFUs
- - - - -
295b386a by Salvatore Bonaccorso at 2025-07-20T22:26:39+02:00
Add CVE-2025-54314/ruby-thor
- - - - -
b1954def by Salvatore Bonaccorso at 2025-07-21T07:44:51+02:00
Track fixed version for two djvulibre issues
- - - - -
4cbd8023 by Salvatore Bonaccorso at 2025-07-21T09:17:22+02:00
Add reference for CVE-2025-53367/djvulibre
- - - - -
67e2712e by security tracker role at 2025-07-21T08:12:06+00:00
automatic update
- - - - -
1212c460 by security tracker role at 2025-07-21T08:12:58+00:00
automatic NOT-FOR-US entries update
- - - - -
85ad107d by Markus Koschany at 2025-07-21T12:09:18+02:00
Reserve DLA-4244-1 for tomcat9
- - - - -
0ffa950a by Markus Koschany at 2025-07-21T12:11:54+02:00
Reserve DLA-4245-1 for libcommons-fileupload-java
- - - - -
065c1337 by Markus Koschany at 2025-07-21T12:17:37+02:00
Reserve DLA-4246-1 for libowasp-esapi-java
- - - - -
50e10cd7 by Markus Koschany at 2025-07-21T12:31:41+02:00
CVE-2025-50200,rabbitmq-server: link to pull request
Upstream confirmed that pull request 13612 fixed the problem
https://github.com/rabbitmq/rabbitmq-server/discussions/14225#discussioncomment-13748692
- - - - -
50e069c7 by Salvatore Bonaccorso at 2025-07-21T14:26:48+02:00
Process some NFUs
- - - - -
04dd1842 by Salvatore Bonaccorso at 2025-07-21T14:28:50+02:00
Add new wordpress issue
- - - - -
9462f4fc by Salvatore Bonaccorso at 2025-07-21T14:29:19+02:00
Annotate information on fix for CVE-2021-46312
- - - - -
ba4d9eb5 by Salvatore Bonaccorso at 2025-07-21T14:29:46+02:00
auto-nfu: Add another product for Trellix rule
- - - - -
9419ed51 by Roberto C. Sánchez at 2025-07-21T08:37:01-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
6997942d by Adrian Bunk at 2025-07-21T15:45:29+03:00
Reserve DLA-4247-1 for djvulibre
- - - - -
627eafd5 by Daniel Leidert at 2025-07-21T16:54:57+02:00
LTS: claim pytorch in dla-needed.txt
- - - - -
596790b7 by Daniel Leidert at 2025-07-21T16:55:09+02:00
LTS: claim snapcast in dla-needed.txt
- - - - -
77daa906 by Emmanuel Arias at 2025-07-21T13:02:42-03:00
LTS: claim jackson-core in dla-needed.txt
- - - - -
a0bb9926 by Salvatore Bonaccorso at 2025-07-21T21:51:25+02:00
Mark libitext1-java as removed from unstable
- - - - -
6e923b07 by security tracker role at 2025-07-21T20:12:54+00:00
automatic update
- - - - -
a0134b93 by security tracker role at 2025-07-21T20:14:28+00:00
automatic NOT-FOR-US entries update
- - - - -
e7218f27 by Salvatore Bonaccorso at 2025-07-21T22:15:36+02:00
Add Debian bug reference for wordpress issue
- - - - -
31231b42 by Salvatore Bonaccorso at 2025-07-21T22:15:38+02:00
Add Debian bug reference for ruby-thor issue
- - - - -
0fa5e904 by Salvatore Bonaccorso at 2025-07-21T22:19:51+02:00
auto-nfu: Add description based rule for IrfanView
- - - - -
adc7d7c1 by Salvatore Bonaccorso at 2025-07-21T22:24:08+02:00
Add CVE-2025-7962/jakarta-mail
- - - - -
fa88755f by Salvatore Bonaccorso at 2025-07-21T22:24:58+02:00
Process some NFUs
- - - - -
26aeb21f by Salvatore Bonaccorso at 2025-07-21T22:34:49+02:00
Add CVE-2025-54121/starlette
- - - - -
e764e170 by Salvatore Bonaccorso at 2025-07-21T22:35:23+02:00
Process some NFUs
- - - - -
1dbf2293 by Emilio Pozuelo Monfort at 2025-07-22T09:39:38+02:00
CVE-2025-30761/openjdk-11 fixed in 11.0.28+6-1
It was not mentioned in the d/changelog entry due to a copy/paste
error from openjdk-17, which is not affected by CVE-2025-30761,
but it was fixed in 11.0.28+6:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-July/045612.html
- - - - -
1198a9c6 by Salvatore Bonaccorso at 2025-07-22T10:10:28+02:00
Add CVE-2025-38352/linux
- - - - -
1aca1513 by Sylvain Beucler at 2025-07-22T14:16:14+02:00
dla: add note from smvc
- - - - -
c4372375 by Salvatore Bonaccorso at 2025-07-22T14:18:48+02:00
Track fixed version for CVE-2024-52046/mina2 via unstable
- - - - -
7284c182 by security tracker role at 2025-07-22T20:12:35+00:00
automatic update
- - - - -
52085303 by security tracker role at 2025-07-22T20:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
0f9fe728 by Thorsten Alteholz at 2025-07-22T23:56:57+02:00
mark CVE-2025-40777 as postponed for Bullseye
- - - - -
4d57e2ed by Salvatore Bonaccorso at 2025-07-23T07:33:50+02:00
Process some NFUs
- - - - -
070cc1d0 by Salvatore Bonaccorso at 2025-07-23T07:36:05+02:00
Add CVE-2025-51471/ollama
- - - - -
23fe3dd3 by Salvatore Bonaccorso at 2025-07-23T07:37:20+02:00
Update status for two iputils issues
- - - - -
06826d6b by Salvatore Bonaccorso at 2025-07-23T07:38:58+02:00
Add CVE-2025-50151/apache-jena
- - - - -
d7de2016 by Salvatore Bonaccorso at 2025-07-23T07:42:33+02:00
Add two new chromium issues
- - - - -
bbee47b9 by Salvatore Bonaccorso at 2025-07-23T07:44:56+02:00
Add chromium to dsa-needed list
- - - - -
70698804 by Salvatore Bonaccorso at 2025-07-23T07:45:50+02:00
Add firefox-esr and thunderbird to dsa-needed list
- - - - -
5d0901c8 by Salvatore Bonaccorso at 2025-07-23T07:53:26+02:00
Add firefox issues from mfsa2025-56
- - - - -
38116151 by Salvatore Bonaccorso at 2025-07-23T07:57:14+02:00
Add firefox-esr issues from mfsa2025-58
- - - - -
807702e1 by Salvatore Bonaccorso at 2025-07-23T07:58:26+02:00
Track fixes for firefox-esr via unstable
- - - - -
66171d6a by Emilio Pozuelo Monfort at 2025-07-23T08:22:45+02:00
Drop bullseye from backport releases
bullseye-backports has been archived.
- - - - -
6a09de57 by Salvatore Bonaccorso at 2025-07-23T08:59:50+02:00
Add thunderbird issues from mfsa2025-62
- - - - -
b6799f74 by Emilio Pozuelo Monfort at 2025-07-23T09:02:54+02:00
auto-nfu: fix TP-LINK entry
It should be a new one, otherwise it overrides the TOTOLINK
entry, which will not be run.
- - - - -
5358b924 by Salvatore Bonaccorso at 2025-07-23T09:05:27+02:00
Add secondary bug for CVE-2025-47268/CVE-2025-48964 in iputils
- - - - -
922c75a6 by Salvatore Bonaccorso at 2025-07-23T09:12:13+02:00
Unify TOTOLINK NFUs
- - - - -
5f3ed12e by Salvatore Bonaccorso at 2025-07-23T09:15:32+02:00
Associate CVE-2025-53603 with sope (where the vulnerable code lives)
- - - - -
1a33dd39 by Salvatore Bonaccorso at 2025-07-23T09:18:05+02:00
Track fixed version via unstable for CVE-2025-53603/sope
- - - - -
b9548dac by Emilio Pozuelo Monfort at 2025-07-23T10:10:19+02:00
lts: take firefox-esr and thunderbird
- - - - -
549cd372 by Emilio Pozuelo Monfort at 2025-07-23T10:44:46+02:00
Reserve DLA-4248-1 for openjdk-11
- - - - -
d45fb084 by Salvatore Bonaccorso at 2025-07-23T13:46:56+02:00
Add fixed version via unstable for CVE-2025-53689
- - - - -
15894bac by Salvatore Bonaccorso at 2025-07-23T20:02:44+02:00
Track firefox issues fixed via unstable
- - - - -
21615152 by Salvatore Bonaccorso at 2025-07-23T20:07:23+02:00
Add CVE-2025-54090/apache2
- - - - -
8c81b744 by Chris Lamb at 2025-07-23T12:50:06-07:00
Add a note about CVE-2025-49112/redis.
- - - - -
68407554 by Guilhem Moulin at 2025-07-23T22:07:44+02:00
CVE-2025-32697/mediawiki: Mark as <ignored> for bullseye
Following Security Team triaging for bookworm in
f771a8d3d320f8875c39594e5f3670a7fe5b501c.
- - - - -
33a75abb by Guilhem Moulin at 2025-07-23T22:08:14+02:00
Reserve DLA-4249-1 for mediawiki
- - - - -
323133a9 by security tracker role at 2025-07-23T20:12:16+00:00
automatic update
- - - - -
646aa54b by security tracker role at 2025-07-23T20:13:11+00:00
automatic NOT-FOR-US entries update
- - - - -
8f074d50 by Salvatore Bonaccorso at 2025-07-23T22:21:35+02:00
Reserve DSA number for firefox-esr update
- - - - -
cd6d6300 by Salvatore Bonaccorso at 2025-07-23T22:41:58+02:00
Add CVE-2025-8058/glibc
- - - - -
7353cedf by Salvatore Bonaccorso at 2025-07-23T22:45:30+02:00
Update note for CVE-2025-49112
- - - - -
1fcfcc7b by Salvatore Bonaccorso at 2025-07-23T23:05:45+02:00
Process some NFUs
- - - - -
038f229c by Salvatore Bonaccorso at 2025-07-23T23:07:48+02:00
Add CVE-2025-54141/ViewVC
- - - - -
2fa7c273 by Salvatore Bonaccorso at 2025-07-23T23:08:20+02:00
Add CVE-2025-54140/pyload, itp'ed
- - - - -
1b542695 by Salvatore Bonaccorso at 2025-07-23T23:09:15+02:00
Add CVE-2025-54072/yt-dlp
- - - - -
53dd80f4 by Salvatore Bonaccorso at 2025-07-23T23:09:59+02:00
Add CVE-2025-53538/suricata
- - - - -
008d8b22 by Salvatore Bonaccorso at 2025-07-23T23:10:48+02:00
Add CVE-2025-50477/lbry-desktop, itp'ed
- - - - -
c2416545 by Salvatore Bonaccorso at 2025-07-23T23:16:46+02:00
Update notes for CVE-2025-7345
The regression reported was a false positive and not reproducible.
- - - - -
fe836a0f by Salvatore Bonaccorso at 2025-07-23T23:20:24+02:00
Update status for mysql-8.0 issues
- - - - -
ac865c4d by Salvatore Bonaccorso at 2025-07-23T23:27:41+02:00
Add CVE-2025-30192/pdns-recursor
- - - - -
cac7b133 by Thorsten Alteholz at 2025-07-23T23:39:02+02:00
mark CVE of devscripts as postponed for Bullseye
- - - - -
0a470bf4 by Thorsten Alteholz at 2025-07-23T23:57:31+02:00
add goldendict
- - - - -
b338e2bb by Thorsten Alteholz at 2025-07-24T00:04:28+02:00
add node-form-data
- - - - -
ab7923fe by Adrian Bunk at 2025-07-24T01:54:29+03:00
dla: take node-form-data
- - - - -
018eac47 by Salvatore Bonaccorso at 2025-07-24T06:57:43+02:00
Update references for CVE-2025-8058/glibc
- - - - -
51c330a9 by Salvatore Bonaccorso at 2025-07-24T07:03:14+02:00
Add sope as well to dsa-needed list
- - - - -
dc9dcf4c by Salvatore Bonaccorso at 2025-07-24T07:25:27+02:00
Add Debian bug reference for CVE-2025-8058/glibc
- - - - -
b8ae1613 by Salvatore Bonaccorso at 2025-07-24T07:25:57+02:00
Add Debian bug reference for CVE-2025-53538/suricata
- - - - -
30566625 by Salvatore Bonaccorso at 2025-07-24T07:26:30+02:00
Add CVE-2025-7962/jakarta-mail
- - - - -
b8d7d8a2 by Salvatore Bonaccorso at 2025-07-24T07:27:01+02:00
Add Debian bug reference for CVE-2025-54121/starlette
- - - - -
5cfe6bac by Salvatore Bonaccorso at 2025-07-24T07:27:39+02:00
Add Debian bug reference for CVE-2025-50151/apache-jena
- - - - -
388c1a9c by Salvatore Bonaccorso at 2025-07-24T07:28:05+02:00
Add Debian bug reference for CVE-2025-30192/pdns-recursor
- - - - -
60ae87de by Emilio Pozuelo Monfort at 2025-07-24T08:25:25+02:00
Reserve DLA-4250-1 for firefox-esr
- - - - -
4940713c by Salvatore Bonaccorso at 2025-07-24T09:15:47+02:00
Three CVEs finally rejected (were bogus and violating CNA rules)
- - - - -
4ebca674 by Andres Salomon at 2025-07-24T03:18:57-04:00
chromium dsa
- - - - -
5b8465e9 by security tracker role at 2025-07-24T08:12:15+00:00
automatic update
- - - - -
c1636414 by security tracker role at 2025-07-24T08:13:05+00:00
automatic NOT-FOR-US entries update
- - - - -
fdd88800 by Salvatore Bonaccorso at 2025-07-24T12:25:27+02:00
Add reference for CVE-2025-7962
- - - - -
44e5cd88 by Salvatore Bonaccorso at 2025-07-24T12:32:35+02:00
Add new set of gitlab issues
- - - - -
b2034f5b by Salvatore Bonaccorso at 2025-07-24T12:33:04+02:00
Process some NFUs
- - - - -
d2927636 by Salvatore Bonaccorso at 2025-07-24T14:15:46+02:00
Track fixed version via unstable for CVE-2025-7783/node-form-data
- - - - -
5c624f6d by Salvatore Bonaccorso at 2025-07-24T14:17:37+02:00
Track fix via experimental for pdns-recursor issue
- - - - -
37387593 by Salvatore Bonaccorso at 2025-07-24T14:18:46+02:00
Mark CVE-2025-30192 as no-dsa
- - - - -
39ab217c by Salvatore Bonaccorso at 2025-07-24T14:41:25+02:00
Add javamail to CVE-2025-7962 for the 1.6.y branch
- - - - -
20e090e3 by Salvatore Bonaccorso at 2025-07-24T14:46:04+02:00
Add Debian bug reference for CVE-2025-7962/javamail
- - - - -
bf503b35 by Salvatore Bonaccorso at 2025-07-24T15:29:44+02:00
Process some NFUs
- - - - -
2b71ea9d by Salvatore Bonaccorso at 2025-07-24T15:30:27+02:00
Add CVE-2025-53537/libhtp
- - - - -
3486d2c5 by Salvatore Bonaccorso at 2025-07-24T15:30:53+02:00
Add two new gitlab issues
- - - - -
fdaa12c9 by Salvatore Bonaccorso at 2025-07-24T21:54:37+02:00
Update status for redis proposed debdiff sent for review
- - - - -
3ac2cf2d by Salvatore Bonaccorso at 2025-07-24T21:58:52+02:00
Add Debian bug reference for CVE-2025-53537/libhtp
- - - - -
e5beaf8d by Salvatore Bonaccorso at 2025-07-24T22:03:16+02:00
Correct freerdp2 version pending for next bookworm point release
- - - - -
d15c9bf3 by security tracker role at 2025-07-24T20:12:41+00:00
automatic update
- - - - -
f9597ff8 by security tracker role at 2025-07-24T20:14:08+00:00
automatic NOT-FOR-US entries update
- - - - -
e8e35202 by Salvatore Bonaccorso at 2025-07-24T22:23:41+02:00
Add CVE-2025-8114/libssh
- - - - -
a76d2145 by Salvatore Bonaccorso at 2025-07-24T22:24:14+02:00
Add CVE-2025-6998/calibre-web, itp'ed
- - - - -
57ef7724 by Salvatore Bonaccorso at 2025-07-24T22:24:50+02:00
Process some NFUs
- - - - -
d29072d7 by Thorsten Alteholz at 2025-07-24T23:55:21+02:00
add unbound
- - - - -
876c4252 by Salvatore Bonaccorso at 2025-07-25T07:54:15+02:00
Track fixed version for iputils issue
- - - - -
132c3b38 by Salvatore Bonaccorso at 2025-07-25T07:56:45+02:00
Track fixed version for thunderbird issues fixed via unstable
- - - - -
2cf79954 by Salvatore Bonaccorso at 2025-07-25T07:58:46+02:00
Track fixed version for two chromium issues fixed via unstable
- - - - -
94116895 by Salvatore Bonaccorso at 2025-07-25T09:11:09+02:00
Mark golang-1.{16,17} as removed everywhere supported
- - - - -
5b4e356f by Salvatore Bonaccorso at 2025-07-25T09:17:36+02:00
Mark CVE-2018-9389 as NFU and Android specific
- - - - -
d7cba29f by Salvatore Bonaccorso at 2025-07-25T09:22:40+02:00
Add Debian bug reference for CVE-2025-8114/libssh
- - - - -
b98cefd0 by Salvatore Bonaccorso at 2025-07-25T09:26:46+02:00
Add two new qemu issues
- - - - -
ad99e930 by Salvatore Bonaccorso at 2025-07-25T09:29:44+02:00
Add CVE-2025-46686 for redis
- - - - -
1d5d3d2e by Salvatore Bonaccorso at 2025-07-25T09:47:42+02:00
Try to clarify further the status for CVE-2025-46686/redis
- - - - -
617d2bbe by Salvatore Bonaccorso at 2025-07-25T09:51:38+02:00
Process one more NFU
- - - - -
7066f529 by security tracker role at 2025-07-25T08:12:25+00:00
automatic update
- - - - -
68276762 by security tracker role at 2025-07-25T08:13:22+00:00
automatic NOT-FOR-US entries update
- - - - -
89d52a20 by Salvatore Bonaccorso at 2025-07-25T15:15:10+02:00
Update status for two qemu issues
- - - - -
88e6212b by Salvatore Bonaccorso at 2025-07-25T15:24:25+02:00
Process some NFUs
- - - - -
f5aeabb8 by Salvatore Bonaccorso at 2025-07-25T15:25:06+02:00
Add CVE-2025-8129/node-koa, itp'ed
- - - - -
171e5fc5 by Salvatore Bonaccorso at 2025-07-25T15:30:40+02:00
Merge Linux CVEs from kernel-sec
- - - - -
37719a86 by Salvatore Bonaccorso at 2025-07-25T15:36:23+02:00
Merge Linux CVEs from kernel-sec
- - - - -
040f7d98 by Salvatore Bonaccorso at 2025-07-25T16:07:02+02:00
Merge Linux CVEs from kernel-sec
- - - - -
b076ec09 by Salvatore Bonaccorso at 2025-07-25T16:10:24+02:00
Merge Linux CVEs from kernel-sec
- - - - -
df8f06ef by Salvatore Bonaccorso at 2025-07-25T22:08:35+02:00
Merge Linux CVEs from kernel-sec
- - - - -
2c602647 by security tracker role at 2025-07-25T20:12:16+00:00
automatic update
- - - - -
bc2e0e9a by security tracker role at 2025-07-25T20:13:52+00:00
automatic NOT-FOR-US entries update
- - - - -
e6ae8e56 by Salvatore Bonaccorso at 2025-07-25T22:16:08+02:00
Merge Linux CVEs from kernel-sec
- - - - -
55a8d848 by Salvatore Bonaccorso at 2025-07-25T22:34:27+02:00
Merge Linux CVEs from kernel-sec
- - - - -
16f0d74a by Salvatore Bonaccorso at 2025-07-25T22:38:55+02:00
Remove notes from CVE-2025-49604
Further investigation showed it was no security issue.
- - - - -
c39e93e1 by Salvatore Bonaccorso at 2025-07-25T22:39:51+02:00
Remove notes from CVE-2025-3848
CVE-2025-3848 was a duplicate assignment for CVE-2025-25171.
- - - - -
89107831 by Salvatore Bonaccorso at 2025-07-25T22:41:05+02:00
Remove notes from CVE-2025-41662
CVE-2025-41662 is considered redundant or unnecessary and thus should be
withdrawn. Instead, a new CVE CVE-2025-41687 has been reserved to better
reflect the updated analysis.
- - - - -
2c5c1ad6 by Salvatore Bonaccorso at 2025-07-25T22:58:55+02:00
Add CVE-2025-8197/libsoup3
- - - - -
34ff1dd0 by Salvatore Bonaccorso at 2025-07-25T23:00:49+02:00
Process some NFUs
- - - - -
9a4a0990 by Salvatore Bonaccorso at 2025-07-25T23:02:58+02:00
Add CVE-2025-45406/codeigniter, itp'ed
- - - - -
87b727ae by Thorsten Alteholz at 2025-07-26T00:45:17+02:00
mark CVE-2025-30192 as EOL for Bullseye
- - - - -
34aa47b1 by Thorsten Alteholz at 2025-07-26T00:48:12+02:00
mark CVE-2025-8058 as postponed for glibc
- - - - -
52fc4fae by Thorsten Alteholz at 2025-07-26T00:52:49+02:00
mark CVE-2025-45582 as postponed for Buster
- - - - -
e69ba9b5 by Thorsten Alteholz at 2025-07-26T01:13:49+02:00
mark CVE-2025-7962 as postponed for Bullseye
- - - - -
c3472269 by Salvatore Bonaccorso at 2025-07-26T08:19:20+02:00
Mark glibc as no-dsa as agreed with maintainer
- - - - -
00db9c95 by Salvatore Bonaccorso at 2025-07-26T08:21:02+02:00
Track fixed version for sqlite3 issue via unstable
- - - - -
197379b2 by Salvatore Bonaccorso at 2025-07-26T09:41:19+02:00
Add two new tiff issues
- - - - -
5e665831 by security tracker role at 2025-07-26T08:12:01+00:00
automatic update
- - - - -
9ac8c06b by security tracker role at 2025-07-26T08:12:54+00:00
automatic NOT-FOR-US entries update
- - - - -
420a2a9e by Salvatore Bonaccorso at 2025-07-26T15:30:17+02:00
Add new nvidia kernel modules issues
- - - - -
5bd842b6 by Salvatore Bonaccorso at 2025-07-26T15:40:41+02:00
Process some NFUs
- - - - -
a6fc6900 by Guilhem Moulin at 2025-07-26T20:55:24+02:00
Reserve DLA-4251-1 for libxml2
- - - - -
f514a233 by security tracker role at 2025-07-26T20:12:10+00:00
automatic update
- - - - -
22780b1f by security tracker role at 2025-07-26T20:13:00+00:00
automatic NOT-FOR-US entries update
- - - - -
2f54e042 by Thorsten Alteholz at 2025-07-27T00:34:20+02:00
mark CVE-2025-54314 as postponed for Bullseye
- - - - -
395dc6d4 by Thorsten Alteholz at 2025-07-27T00:47:16+02:00
mark CVE of krusader as postponed for Bullseye
- - - - -
22d0894c by Thorsten Alteholz at 2025-07-27T00:53:49+02:00
mark CVE-2025-8114 as postponed for Bullseye
- - - - -
fd3dfaae by Thorsten Alteholz at 2025-07-27T00:56:05+02:00
mark CVE-2025-7339 as postponed for Bullseye
- - - - -
8a681f11 by Thorsten Alteholz at 2025-07-27T01:07:25+02:00
add zulucrypt
- - - - -
7450a2ac by Daniel Leidert at 2025-07-27T02:12:34+02:00
Reserve DLA-4252-1 for snapcast
- - - - -
6e08c95d by Emilio Pozuelo Monfort at 2025-07-27T09:45:13+02:00
Reserve DLA-4253-1 for thunderbird
- - - - -
7b8922ae by security tracker role at 2025-07-27T08:13:05+00:00
automatic update
- - - - -
e6462ff4 by security tracker role at 2025-07-27T08:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
7a6c3133 by Salvatore Bonaccorso at 2025-07-27T11:11:47+02:00
Fix bug number association for CVE-2025-49796/libxml2
Reported-by: Guilhem Moulin <guilhem at debian.org>
Fixes: 1db62671450e ("Track fixed version for three libxml2 CVEs")
- - - - -
438bc145 by Salvatore Bonaccorso at 2025-07-27T11:15:19+02:00
Track proposed djvulibre update via bookworm-pu
- - - - -
ac75adf8 by Salvatore Bonaccorso at 2025-07-27T11:20:52+02:00
Track fixed version for some libarchive issues fixed via unstable
- - - - -
bc6c7423 by Salvatore Bonaccorso at 2025-07-27T11:28:01+02:00
Reserve DSA number for thunderbird update
- - - - -
a6dee15d by Salvatore Bonaccorso at 2025-07-27T11:43:55+02:00
Add two new binutils issues
- - - - -
ae24f7f0 by Salvatore Bonaccorso at 2025-07-27T11:44:33+02:00
Process some NFUs
- - - - -
9aad7516 by Salvatore Bonaccorso at 2025-07-27T11:50:58+02:00
Unify upstream reference for CVE-2025-8225
- - - - -
422f4499 by Salvatore Bonaccorso at 2025-07-27T15:00:43+02:00
Process some NFUs
- - - - -
b9d3bf31 by Salvatore Bonaccorso at 2025-07-27T15:01:13+02:00
Add new issues in ros-ros-comm
- - - - -
5a269c19 by Daniel Leidert at 2025-07-27T17:16:17+02:00
Add PR link that fixes CVE-2024-30916 and CVE-2024-30917
- - - - -
f8c102c9 by Daniel Leidert at 2025-07-27T17:28:05+02:00
Add patch links for CVE-2023-50716
- - - - -
5c5f3456 by Guilhem Moulin at 2025-07-27T18:19:41+02:00
Reserve DLA-4254-1 for php7.4
- - - - -
7abdc7e2 by Salvatore Bonaccorso at 2025-07-27T19:02:46+02:00
Adjust upstream tag for CVE-2023-50716 commit
- - - - -
3631b0f7 by Salvatore Bonaccorso at 2025-07-27T21:14:57+02:00
Take care of DSA release for php8.2
- - - - -
715d2206 by Salvatore Bonaccorso at 2025-07-27T21:25:24+02:00
Track fix for glibc via unstable
- - - - -
a5e6a503 by Salvatore Bonaccorso at 2025-07-27T21:26:19+02:00
Track proposed update for bookworm-pu for glibc
- - - - -
67ae7907 by Salvatore Bonaccorso at 2025-07-27T21:28:14+02:00
Track fix via experimental for nvidia-graphics-drivers-tesla-535
- - - - -
4ae74b81 by Salvatore Bonaccorso at 2025-07-27T21:32:40+02:00
Add Debian bug reference for qemu issues
- - - - -
82459c9d by security tracker role at 2025-07-27T20:12:37+00:00
automatic update
- - - - -
c10826e3 by security tracker role at 2025-07-27T20:14:04+00:00
automatic NOT-FOR-US entries update
- - - - -
ff6a36c9 by Salvatore Bonaccorso at 2025-07-28T08:40:17+02:00
Mark CVE-2025-7783/node-form-data back as unfixed in unstable
- - - - -
6d709af7 by Salvatore Bonaccorso at 2025-07-28T09:15:18+02:00
Process some NFUs
- - - - -
2137082e by security tracker role at 2025-07-28T08:12:10+00:00
automatic update
- - - - -
fa055afe by security tracker role at 2025-07-28T08:13:02+00:00
automatic NOT-FOR-US entries update
- - - - -
9e933ca8 by Andrej Shadura at 2025-07-28T10:44:43+02:00
Claim mbedtls
- - - - -
abe727ae by Adrian Bunk at 2025-07-28T11:53:06+03:00
Revert "dla: take node-form-data"
This reverts commit ab7923fe779d39214e365e10ca12b0263ccfe7d6.
- - - - -
a40bb6d8 by Thorsten Alteholz at 2025-07-28T11:01:28+02:00
Reserve DLA-4255-1 for audiofile
- - - - -
167269ee by Thorsten Alteholz at 2025-07-28T11:07:07+02:00
Reserve DLA-4256-1 for libetpan
- - - - -
da26baeb by Thorsten Alteholz at 2025-07-28T11:15:07+02:00
Reserve DLA-4257-1 for libcaca
- - - - -
58edb00d by Salvatore Bonaccorso at 2025-07-28T12:06:04+02:00
Process some NFUs
- - - - -
0cd06ae1 by Salvatore Bonaccorso at 2025-07-28T12:16:34+02:00
Track proposed update for libxml2 issues via bookworm-pu
- - - - -
31e7818a by Salvatore Bonaccorso at 2025-07-28T12:24:31+02:00
Remove notes from now rejected Linux CVE
- - - - -
9975eab7 by Salvatore Bonaccorso at 2025-07-28T12:39:51+02:00
Track fixed version for libxml2 issue fixed via unstable upload
- - - - -
41efc2b5 by Salvatore Bonaccorso at 2025-07-28T13:35:30+02:00
Track fixed version via unstable for pdns-recursor
- - - - -
ae530a61 by Salvatore Bonaccorso at 2025-07-28T13:39:27+02:00
Track fixed version for CVE-2025-52886/poppler via unstable
- - - - -
854e0b7a by Salvatore Bonaccorso at 2025-07-28T13:40:30+02:00
Track fixed version for CVE-2025-54121/starlette via unstable
- - - - -
0f743851 by Salvatore Bonaccorso at 2025-07-28T16:16:39+02:00
Add CVE-2025-38468/linux
- - - - -
025a4677 by Thorsten Alteholz at 2025-07-28T16:24:35+02:00
fix typo
- - - - -
ab499832 by Salvatore Bonaccorso at 2025-07-28T16:47:12+02:00
Process one NFU
- - - - -
eca1b75f by Salvatore Bonaccorso at 2025-07-28T16:47:13+02:00
Add CVE-2025-8263/node-prettier, itp'ed
- - - - -
a7d1a87c by Salvatore Bonaccorso at 2025-07-28T16:47:13+02:00
Add CVE-2025-8262/node-yarnpkg
- - - - -
9218a84e by Salvatore Bonaccorso at 2025-07-28T16:48:12+02:00
CVE assigned for CVE-2024-58266/rust-shlex
- - - - -
e0a47f5f by Chris Lamb at 2025-07-28T07:57:58-07:00
data/dla-needed.txt: Claim node-form-data.
- - - - -
d5932d59 by Salvatore Bonaccorso at 2025-07-28T17:09:58+02:00
Update some Linux CVEs based on kernel-sec information
- - - - -
63a3a3e9 by Thorsten Alteholz at 2025-07-28T18:28:06+02:00
Reserve DLA-4258-1 for libfastjson
- - - - -
67e68614 by Salvatore Bonaccorso at 2025-07-28T19:05:30+02:00
Merge Linux CVEs from kernel-sec
- - - - -
eaa15aae by Roberto C. Sánchez at 2025-07-28T13:08:43-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
57ef0a98 by Salvatore Bonaccorso at 2025-07-28T19:25:57+02:00
Add CVE-2025-53882/mailman3
- - - - -
f58f993a by Salvatore Bonaccorso at 2025-07-28T19:31:12+02:00
CVE-2024-58265/rust-snow assigned
- - - - -
457bc93c by Salvatore Bonaccorso at 2025-07-28T19:33:29+02:00
Mark CVE-2024-58264 as NFU
- - - - -
43e8ee1f by Salvatore Bonaccorso at 2025-07-28T19:35:07+02:00
CVE-2023-53161/rust-buffered-reader assigned
- - - - -
188cd679 by Salvatore Bonaccorso at 2025-07-28T19:36:34+02:00
CVE-2023-53160/rust-sequoia-openpgp assigned
- - - - -
1fbf8e25 by Guilhem Moulin at 2025-07-28T19:39:26+02:00
LTS: claim luajit and unbound in dla-needed.txt
- - - - -
e5922bb3 by Salvatore Bonaccorso at 2025-07-28T19:49:31+02:00
Add CVE-2023-53159/rust-openssl
- - - - -
92faec14 by Salvatore Bonaccorso at 2025-07-28T19:51:02+02:00
Add CVE-2023-53158/rust-gitoxide, itp'ed
- - - - -
4f21fe03 by Salvatore Bonaccorso at 2025-07-28T19:53:13+02:00
Add CVE-2023-53157 as NFU
- - - - -
62e13c8a by Salvatore Bonaccorso at 2025-07-28T19:54:59+02:00
Add CVE-2023-53156/rust-transpose
- - - - -
d33774e0 by Salvatore Bonaccorso at 2025-07-28T19:59:05+02:00
Add CVE-2022-50237/rust-curve25519-dalek
- - - - -
81fb03f7 by Salvatore Bonaccorso at 2025-07-28T21:19:49+02:00
Reference upstream issues for gnutls issues
- - - - -
6640fe6c by Salvatore Bonaccorso at 2025-07-28T21:27:53+02:00
Associate CVE-2025-49656 with apache-jena
- - - - -
0f372926 by Salvatore Bonaccorso at 2025-07-28T21:44:16+02:00
Reserve DSA number for php8.2 update
- - - - -
ab05dcf1 by Adrian Bunk at 2025-07-28T22:44:57+03:00
CVE-2025-48386/git does not affect the binaries in Debian
- - - - -
06eddf6a by Salvatore Bonaccorso at 2025-07-28T22:03:50+02:00
Update status for CVE-2025-27614
- - - - -
1dae8f7b by security tracker role at 2025-07-28T20:12:10+00:00
automatic update
- - - - -
588adc5a by security tracker role at 2025-07-28T20:13:44+00:00
automatic NOT-FOR-US entries update
- - - - -
9100c765 by Salvatore Bonaccorso at 2025-07-28T22:15:11+02:00
Mark CVE-2024-58263 as NFU
- - - - -
9e633fc8 by Salvatore Bonaccorso at 2025-07-28T22:17:49+02:00
CVE-2024-58262/rust-curve25519-dalek assigned
- - - - -
541b1580 by Salvatore Bonaccorso at 2025-07-28T22:19:52+02:00
CVE-2024-58261/rust-sequoia-openpgp assigned
- - - - -
7d29e4bb by Salvatore Bonaccorso at 2025-07-28T22:31:13+02:00
auto-nfu: Add another quite frequent product of code-projects
- - - - -
8d5c14c3 by Salvatore Bonaccorso at 2025-07-28T22:39:05+02:00
Add CVE-2025-8283/netavark
- - - - -
d2f44900 by Salvatore Bonaccorso at 2025-07-28T22:40:04+02:00
Process some NFUs
- - - - -
1df47c2b by Salvatore Bonaccorso at 2025-07-28T22:40:25+02:00
Add CVE-2025-54418/codeigniter, itp'ed
- - - - -
18ce70a3 by Salvatore Bonaccorso at 2025-07-29T07:31:48+02:00
Add ZDI reference for CVE-2025-38350/linux
- - - - -
7731ee46 by Salvatore Bonaccorso at 2025-07-29T07:49:53+02:00
CVE-2025-3808{4,5}: Provide Google p0 cross-reference
- - - - -
46f16c1c by Salvatore Bonaccorso at 2025-07-29T09:04:30+02:00
Add CVE-2025-8194/python
- - - - -
737a5cb4 by Salvatore Bonaccorso at 2025-07-29T09:06:48+02:00
Add CVE-2025-54419 as NFU
- - - - -
eac41e08 by Salvatore Bonaccorso at 2025-07-29T09:21:21+02:00
Update status for CVE-2025-54090/apache2
- - - - -
c64cf770 by Salvatore Bonaccorso at 2025-07-29T09:26:17+02:00
Track proposed update for apache2 via bookworm-pu
- - - - -
babc2074 by security tracker role at 2025-07-29T08:12:08+00:00
automatic update
- - - - -
d8eb2267 by security tracker role at 2025-07-29T08:13:00+00:00
automatic NOT-FOR-US entries update
- - - - -
a91cd7ad by Salvatore Bonaccorso at 2025-07-29T18:06:51+02:00
Process some NFUs
- - - - -
7dd2c2a8 by Salvatore Bonaccorso at 2025-07-29T18:07:45+02:00
Add CVE-2025-43023/hplip
- - - - -
58605e87 by security tracker role at 2025-07-29T20:12:05+00:00
automatic update
- - - - -
5edf0c46 by security tracker role at 2025-07-29T20:13:06+00:00
automatic NOT-FOR-US entries update
- - - - -
4963e5c4 by Salvatore Bonaccorso at 2025-07-29T22:35:07+02:00
Add CVE-2025-7458/sqlite3
- - - - -
c944f4f6 by Salvatore Bonaccorso at 2025-07-29T22:36:31+02:00
Process some NFUs
- - - - -
39ef0c8b by Salvatore Bonaccorso at 2025-07-29T22:37:25+02:00
Add CVE-2025-27514/glpi
- - - - -
a67ed16e by Bastien Roucariès at 2025-07-29T23:55:10+02:00
Add a note dla-needed/apache2
- - - - -
ea602894 by Bastien Roucariès at 2025-07-30T00:13:10+02:00
CVE-2024-43204/apache2
Add a prerequisite commit before the fix for correctness
- - - - -
5e52e2ab by Utkarsh Gupta at 2025-07-30T04:31:13+05:30
Add sope to dla-needed
- - - - -
62667bf2 by Daniel Leidert at 2025-07-30T01:34:52+02:00
Add patch link for CVE-2025-48924
- - - - -
645e74f9 by Salvatore Bonaccorso at 2025-07-30T05:56:20+02:00
Reference upstream tag for CVE-2025-48924
- - - - -
73853c2e by Salvatore Bonaccorso at 2025-07-30T09:11:42+02:00
Sync status for CVE-2023-52735/linux with kernel-sec
- - - - -
0507a214 by Salvatore Bonaccorso at 2025-07-30T09:18:00+02:00
Add CVE-2025-38498/linux
- - - - -
76f815d8 by Salvatore Bonaccorso at 2025-07-30T09:20:28+02:00
Add CVE-2025-8292/chromium
- - - - -
78333d68 by Salvatore Bonaccorso at 2025-07-30T09:22:37+02:00
Add chromium for new issue
- - - - -
387d1ffc by Salvatore Bonaccorso at 2025-07-30T09:42:36+02:00
Add CVE-2025-7777 as NFU
- - - - -
9a243185 by Salvatore Bonaccorso at 2025-07-30T09:56:00+02:00
Add Debian bug reference for CVE-2025-2814/libcrypt-cbc-perl
- - - - -
1630fe1e by security tracker role at 2025-07-30T08:12:03+00:00
automatic update
- - - - -
9a266fe6 by security tracker role at 2025-07-30T08:12:59+00:00
automatic NOT-FOR-US entries update
- - - - -
730e4f08 by Salvatore Bonaccorso at 2025-07-30T10:58:37+02:00
Process some NFUs
- - - - -
bc42c775 by Salvatore Bonaccorso at 2025-07-30T11:00:38+02:00
Add CVE-2024-43018/piwigo
- - - - -
706fc77a by Salvatore Bonaccorso at 2025-07-30T11:01:03+02:00
Add CVE-2024-4264{4,5}/flashmq, itp'ed
- - - - -
c10ace57 by Utkarsh Gupta at 2025-07-30T16:41:30+05:30
Mark CVE-2025-23279 & CVE-2025-23286 as ignored for bullseye
- - - - -
6500e40f by Salvatore Bonaccorso at 2025-07-30T13:27:37+02:00
Document that CVE-2025-25724/libarchive is not yet fixed
- - - - -
0168cbb2 by Salvatore Bonaccorso at 2025-07-30T14:00:34+02:00
Update status for CVE-2024-36357 and CVE-2024-36350
- - - - -
2da8bf3c by Daniel Leidert at 2025-07-30T15:33:57+02:00
LTS: claim libcommons-lang3-java in dla-needed.txt
- - - - -
8d20b37d by Daniel Leidert at 2025-07-30T17:21:51+02:00
Mark Bullseye as not affected by CVE-2024-31584
The flatbuffer related code was introduced with version 1.11.0 it seems.
Bookworm contains the vulnerable code, though.
- - - - -
3b3c0894 by Salvatore Bonaccorso at 2025-07-30T17:48:46+02:00
Add note for sope in dsa-needed list
- - - - -
3bc6e7a6 by Chris Lamb at 2025-07-30T09:19:18-07:00
data/dla-needed.txt: Claim sope.
- - - - -
25072725 by Andres Salomon at 2025-07-30T13:39:13-04:00
chromium dsa
- - - - -
a8fc89f7 by Salvatore Bonaccorso at 2025-07-30T20:16:55+02:00
Mark python3.12 as removed from unstable
- - - - -
fcfb5183 by Salvatore Bonaccorso at 2025-07-30T20:19:59+02:00
Mark python3.12 as removed from everywhere supported
- - - - -
19bd45d8 by Salvatore Bonaccorso at 2025-07-30T20:41:47+02:00
Track fixed version for openjdk-8 issues fixed via unstable
- - - - -
4ed436ee by security tracker role at 2025-07-30T20:12:11+00:00
automatic update
- - - - -
95c6fbeb by security tracker role at 2025-07-30T20:13:03+00:00
automatic NOT-FOR-US entries update
- - - - -
cd4cc669 by Bastien Roucariès at 2025-07-30T22:41:45+02:00
CVE-2025-54090/apache2
Add introduced by commit
- - - - -
5583c717 by Salvatore Bonaccorso at 2025-07-30T22:46:38+02:00
Add CVE-2023-2593/linux
- - - - -
2c2b5e6d by Salvatore Bonaccorso at 2025-07-30T22:58:21+02:00
Process some NFUs
- - - - -
3aa3fb36 by Salvatore Bonaccorso at 2025-07-30T22:59:10+02:00
Add CVE-2025-54576/oauth2-proxy, itp'ed
- - - - -
5cc5096e by Salvatore Bonaccorso at 2025-07-30T22:59:46+02:00
Add CVE-2025-54572/ruby-saml
- - - - -
04c16ecb by Salvatore Bonaccorso at 2025-07-30T23:00:32+02:00
Add some new glpi issues
- - - - -
1d290286 by Salvatore Bonaccorso at 2025-07-30T23:02:02+02:00
Mark ruby-saml as removed from unstable
- - - - -
ab1e878c by Adrian Bunk at 2025-07-31T00:10:01+03:00
CVE-2025-7783/node-form-data: Already fixed in unstable
- - - - -
6f2fb995 by Carlos Henrique Lima Melara at 2025-07-30T19:17:29-03:00
Reserve DLA-4259-1 for systemd
- - - - -
6e195162 by Salvatore Bonaccorso at 2025-07-31T05:47:52+02:00
Revert "CVE-2025-7783/node-form-data: Already fixed in unstable"
This reverts commit ab1e878c9cdcd66744fe66bb619670d17de96a71.
See ff6a36c991533cea142e7ddeff6bdb69806093c0 .
There is pending confirmation from maintainer if issue is still
considered sufficiently fixed with the non-upstream patch.
- - - - -
ae950ca9 by Salvatore Bonaccorso at 2025-07-31T05:50:06+02:00
Track fixed version for git issues via unstable
- - - - -
797ba144 by Salvatore Bonaccorso at 2025-07-31T06:01:30+02:00
Track pending request of node-form-data for bookworm-pu
- - - - -
821284d0 by Salvatore Bonaccorso at 2025-07-31T06:57:49+02:00
Mark luajit issues as no-dsa
- - - - -
a6584af0 by Salvatore Bonaccorso at 2025-07-31T07:02:02+02:00
Reapply "CVE-2025-7783/node-form-data: Already fixed in unstable"
This reverts commit 6e195162d2332ff239aa379a037abc1e86949fc4.
Yadd confirmed this is sufficient fix and we will update as well the BTS
metadata to reflect that.
- - - - -
5e2ea7d1 by Salvatore Bonaccorso at 2025-07-31T09:41:11+02:00
Process some NFUs
- - - - -
16cb53ed by Salvatore Bonaccorso at 2025-07-31T09:41:54+02:00
Add two new docker.io issues
- - - - -
62074748 by security tracker role at 2025-07-31T08:11:55+00:00
automatic update
- - - - -
93a1831b by security tracker role at 2025-07-31T08:12:48+00:00
automatic NOT-FOR-US entries update
- - - - -
238e00b7 by Salvatore Bonaccorso at 2025-07-31T10:19:52+02:00
Process some NFUs
- - - - -
838990b2 by Emilio Pozuelo Monfort at 2025-07-31T13:14:29+02:00
CVE-2025-50059/openjdk-8 n/a
Only affects Oracle Java 8 perf.
- - - - -
1a2bc739 by Bastien Roucariès at 2025-07-31T14:16:20+02:00
dla-needed/ca-certificates
Add a note about ca-certificates
- - - - -
2686d07e by "Lee Garrett" at 2025-07-31T18:30:33+02:00
LTS: claim git in dla-needed.txt
- - - - -
ab3c161d by Adrian Bunk at 2025-07-31T20:14:05+03:00
dla: Add note about git updates done yesterday
- - - - -
6ffc6bf3 by Salvatore Bonaccorso at 2025-07-31T20:26:11+02:00
Add additional reference for CVE-2023-2593/linux
- - - - -
98960a90 by Salvatore Bonaccorso at 2025-07-31T20:33:08+02:00
Track fixed version for qemu issues via experimental
- - - - -
dfa7dd24 by Salvatore Bonaccorso at 2025-07-31T20:51:33+02:00
Reserve DSA number for redis update
- - - - -
2610bcfa by security tracker role at 2025-07-31T20:12:08+00:00
automatic update
- - - - -
3c1de78b by security tracker role at 2025-07-31T20:12:57+00:00
automatic NOT-FOR-US entries update
- - - - -
da5a5f1b by Salvatore Bonaccorso at 2025-07-31T22:35:11+02:00
Process some NFUs
- - - - -
dbce8fc5 by Salvatore Bonaccorso at 2025-07-31T22:35:47+02:00
Add CVE-2025-45770/php-lcobucci-jwt
- - - - -
233d8a47 by Salvatore Bonaccorso at 2025-07-31T22:36:12+02:00
Add two jspwiki issues
- - - - -
e65ef1dd by Salvatore Bonaccorso at 2025-07-31T22:37:54+02:00
Associate some old NFUs with itp'ed entry for gestioip
- - - - -
c1d5c5f8 by Salvatore Bonaccorso at 2025-07-31T22:46:10+02:00
Add CVE-2024-4227/gsoap
- - - - -
56f7a21e by Salvatore Bonaccorso at 2025-07-31T22:48:37+02:00
Add CVE-2025-53399/rtpengine
- - - - -
50fb7bd9 by Salvatore Bonaccorso at 2025-07-31T22:49:33+02:00
Add reference for advisory for CVE-2025-53399
- - - - -
ff8a88f3 by Salvatore Bonaccorso at 2025-07-31T22:59:57+02:00
Reserve DSA number for sope update
- - - - -
fd5bab78 by Utkarsh Gupta at 2025-08-01T02:32:36+05:30
Add a note for sope
- - - - -
1aa37475 by Chris Lamb at 2025-07-31T14:05:27-07:00
Reserve DLA-4260-1 for sope and add a note.
- - - - -
d0d80079 by Chris Lamb at 2025-07-31T15:24:01-07:00
Reserve DLA-4261-1 for node-form-data
- - - - -
51b92a55 by Daniel Leidert at 2025-08-01T04:30:47+02:00
LTS: claim libcommons-lang-java in dla-needed.txt
- - - - -
8fdd44f9 by Daniel Leidert at 2025-08-01T05:17:17+02:00
Reserve DLA-4262-1 for libcommons-lang-java
- - - - -
2546db1e by Salvatore Bonaccorso at 2025-08-01T07:32:39+02:00
CVE-2025-8454/devscripts assigned
- - - - -
899bba1b by Salvatore Bonaccorso at 2025-08-01T07:35:05+02:00
Mark CVE-2025-8454 as no-dsa for trixie and bookworm
- - - - -
9a7f152a by Salvatore Bonaccorso at 2025-08-01T09:09:26+02:00
Track fixed version via experimental for nvidia-graphics-drivers issues
- - - - -
4aadd7df by Salvatore Bonaccorso at 2025-08-01T09:10:40+02:00
Track fixed via experimental for nvidia-open-gpu-kernel-modules issues
- - - - -
988d05ea by Salvatore Bonaccorso at 2025-08-01T09:22:04+02:00
Add CVE-2023-32251/linux
- - - - -
aebfdb2a by Salvatore Bonaccorso at 2025-08-01T09:38:55+02:00
Add new openexr issues
- - - - -
60849896 by security tracker role at 2025-08-01T08:12:56+00:00
automatic update
- - - - -
5f47fd5e by security tracker role at 2025-08-01T08:13:46+00:00
automatic NOT-FOR-US entries update
- - - - -
6b36b08d by Salvatore Bonaccorso at 2025-08-01T10:15:44+02:00
Process some NFUs
- - - - -
29db0f84 by Sylvain Beucler at 2025-08-01T19:58:26+02:00
dla: drop golang-golang-x-net
As discussed with FD and prior FD on #debian-lts, after ah expressed
difficulties with the update:
The golang ecosystem has limited support. This looks like a core
package, apparently 80 packages need to be (statically) rebuilt.
There's no plans to fix this in bookworm, all CVEs are <no-dsa>, hence
this is low-priority.
There's currently no LTS sponsors, so there's no particular reason to be
proactive here.
Hence dropping the package for now, too much effort for too little gain.
- - - - -
d8eff777 by Bastien Roucariès at 2025-08-01T21:26:25+02:00
dla-needed: add a note about ca-certificates-java
- - - - -
0c674f3e by Salvatore Bonaccorso at 2025-08-01T21:33:09+02:00
Two CVEs originally for Bootstrap rejected
In the end they were not security issues in Bootstrap. Bootstrap’s
JavaScript is not intended to sanitize unsafe or intentionally dangerous
HTML. As such, the reported behavior fell outside the scope of
Bootstrap’s security model, and the associated CVE has been rescinded.
- - - - -
f9df2ca1 by Salvatore Bonaccorso at 2025-08-01T21:36:23+02:00
Add CVE-2023-32256/linux
- - - - -
36b3c750 by security tracker role at 2025-08-01T20:12:13+00:00
automatic update
- - - - -
b596d7e3 by security tracker role at 2025-08-01T20:13:07+00:00
automatic NOT-FOR-US entries update
- - - - -
79b8eaa6 by Salvatore Bonaccorso at 2025-08-02T00:29:57+02:00
Process some NFUs
- - - - -
1af9f643 by Salvatore Bonaccorso at 2025-08-02T00:30:24+02:00
Add CVE-2025-54593/freshrss, itp'ed
- - - - -
cfdd852d by Salvatore Bonaccorso at 2025-08-02T00:31:24+02:00
Associate some NFUs with itp'ed entry for freshrss
- - - - -
a5d43be2 by Salvatore Bonaccorso at 2025-08-02T00:38:59+02:00
Add CVE-2025-54574/squid
- - - - -
b754ef29 by Salvatore Bonaccorso at 2025-08-02T00:45:00+02:00
Two openexr issues are actually not clear not-affected, back to unfixed and add TODO
- - - - -
564c4d09 by Salvatore Bonaccorso at 2025-08-02T08:18:37+02:00
Add CVE-2025-48074/openexr
- - - - -
653a1a63 by Salvatore Bonaccorso at 2025-08-02T08:44:23+02:00
Update status for CVE-2025-48072
- - - - -
affd6205 by Salvatore Bonaccorso at 2025-08-02T08:49:16+02:00
Update status for CVE-2025-48073
- - - - -
554a923f by Salvatore Bonaccorso at 2025-08-02T09:05:51+02:00
Update status for CVE-2025-48074
- - - - -
cdb48ee5 by security tracker role at 2025-08-02T08:12:10+00:00
automatic update
- - - - -
0f27d8d8 by security tracker role at 2025-08-02T08:13:02+00:00
automatic NOT-FOR-US entries update
- - - - -
78cffbce by Salvatore Bonaccorso at 2025-08-02T11:15:28+02:00
Add CVE-2025-54386/traefik, itp'ed
- - - - -
78e43262 by Salvatore Bonaccorso at 2025-08-02T11:19:14+02:00
Process some NFUs
- - - - -
5d476c2b by Salvatore Bonaccorso at 2025-08-02T11:20:38+02:00
Add CVE-2025-45767/node-jose
- - - - -
670e14a4 by Salvatore Bonaccorso at 2025-08-02T11:21:12+02:00
Add CVE-2025-45768/pyjwt
- - - - -
38e52249 by Salvatore Bonaccorso at 2025-08-02T12:59:35+02:00
Add Debian bug reference for CVE-2023-53156/rust-transpose
- - - - -
9b6ecd7f by Salvatore Bonaccorso at 2025-08-02T13:02:54+02:00
Add Debian bug reference for CVE-2025-48074/openexr
- - - - -
f00fca02 by Salvatore Bonaccorso at 2025-08-02T13:05:04+02:00
Add Debian bug reference for CVE-2025-49656/apache-jena
- - - - -
5f05522b by Salvatore Bonaccorso at 2025-08-02T13:12:47+02:00
Add CVE-2024-13978
- - - - -
efb5e193 by Salvatore Bonaccorso at 2025-08-02T15:28:14+02:00
Mark CVE-2025-48074 as no-dsa
- - - - -
e8c23578 by Salvatore Bonaccorso at 2025-08-02T16:45:37+02:00
Track fixed version for one chromium issue fixed via unstable
- - - - -
a9cba592 by Salvatore Bonaccorso at 2025-08-02T20:55:26+02:00
Update association for CVE-2015-10141
- - - - -
d7d6d355 by security tracker role at 2025-08-02T20:12:38+00:00
automatic update
- - - - -
ce36b97a by security tracker role at 2025-08-02T20:13:32+00:00
automatic NOT-FOR-US entries update
- - - - -
48e462f6 by Chris Lamb at 2025-08-02T13:51:57-07:00
DLA-4260-1 now released.
- - - - -
3d792b85 by Salvatore Bonaccorso at 2025-08-03T07:51:48+02:00
Remove notes from now rejected CVE
The issue was found to be not a security issue.
- - - - -
ca3f4ec7 by Salvatore Bonaccorso at 2025-08-03T08:06:37+02:00
data/config.json: Update mapping release -> codenames
Make bullseye the oldoldstable distribution, bookworm the oldstable
distribution and trixie the new stable distribution.
Mark forky as the new testing distribution and sync supported
architecture lists for now with the cut-off as given for trixie.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
dd8d2908 by Salvatore Bonaccorso at 2025-08-03T08:06:38+02:00
DSA.template: Add support for oldstable version information in DSA
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
(cherry picked from commit 60ee1a97c3a0ee1cab16b250222d7faa4578ced7)
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
fc9012bc by Salvatore Bonaccorso at 2025-08-03T08:06:38+02:00
List packages from oldstable and stable for dsa-needed list
Include in listing the oldstable distribution by enabling the boolean
value "include_oldstable" to true and so enabling the including logic
later on in the script.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
(cherry picked from commit 1187d7c8638ffaf2dd7a4900122fb06882d5e65e)
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
1ed3e7a3 by Salvatore Bonaccorso at 2025-08-03T08:06:38+02:00
distributions.json: Mark trixie as supported by the Debian security team
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
4a68448e by Salvatore Bonaccorso at 2025-08-03T08:07:31+02:00
Move next-point-update.txt to next-oldstable-point-update.txt
All that is potentially pending for the next bookworm point release is
not to be considered for the next stable point update. Make an empty
list for trixie (stable).
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
51eb4748 by Salvatore Bonaccorso at 2025-08-03T08:47:25+02:00
Process one NFU
- - - - -
82612e15 by Salvatore Bonaccorso at 2025-08-03T08:47:56+02:00
Add CVE-2025-49832/asterisk
- - - - -
4662c839 by Salvatore Bonaccorso at 2025-08-03T08:51:46+02:00
Review missing suffixes for 2007 DSAs
Based on
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224
check 2007 DSAs and merge the changes from Utkarsh Gupta.
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224/
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/28
- - - - -
4a654508 by Salvatore Bonaccorso at 2025-08-03T09:28:45+02:00
Add reference for collection on fixes for CVE-2025-53399
- - - - -
dd28c261 by Salvatore Bonaccorso at 2025-08-03T09:35:47+02:00
Add Debian bug reference for CVE-2025-53399/rtpengine
- - - - -
c466b634 by Salvatore Bonaccorso at 2025-08-03T09:44:17+02:00
Build new cross-references after suffix addition to some old DSAs
- - - - -
e69d5fc9 by Salvatore Bonaccorso at 2025-08-03T09:45:40+02:00
Add Debian bug reference for CVE-2025-49832/asterisk
- - - - -
ff6b1754 by Salvatore Bonaccorso at 2025-08-03T09:46:09+02:00
Add Debian bug reference for CVE-2025-45768/pyjwt
- - - - -
9f5eabf0 by security tracker role at 2025-08-03T08:12:13+00:00
automatic update
- - - - -
c918f304 by security tracker role at 2025-08-03T08:13:07+00:00
automatic NOT-FOR-US entries update
- - - - -
9c67537c by Salvatore Bonaccorso at 2025-08-03T10:19:18+02:00
Process some NFUs
- - - - -
c8549676 by Salvatore Bonaccorso at 2025-08-03T10:21:42+02:00
Add CVE-2025-54955/opennebula
- - - - -
8dfa56f3 by Salvatore Bonaccorso at 2025-08-03T10:23:12+02:00
Add new iperf3 issues
- - - - -
99744aa7 by Salvatore Bonaccorso at 2025-08-03T10:29:32+02:00
Add CVE-2023-32255/linux
- - - - -
14296d0f by Salvatore Bonaccorso at 2025-08-03T10:33:18+02:00
Add CVE-2023-32253/linux
- - - - -
833c3215 by Abhijith PA at 2025-08-03T14:05:14+05:30
update note in dla-needed.txt
- - - - -
62a62ffd by Salvatore Bonaccorso at 2025-08-03T11:55:49+02:00
Track fixed version for redict issues
- - - - -
8e879f82 by Salvatore Bonaccorso at 2025-08-03T12:19:40+02:00
Track fixed version for asterisk issue fixed via unstable upload
- - - - -
75a208b9 by Salvatore Bonaccorso at 2025-08-03T13:07:25+02:00
Update status for CVE-2015-10141
- - - - -
0646b1cf by Salvatore Bonaccorso at 2025-08-03T14:08:37+02:00
Update CVE-2024-10041: Add follow fix and ignore for bookworm
As reported by Bastien Roucaries, in https://bugs.debian.org/1110326
the fix for this issue will require changes to apparmor profiles as
well. As the issue is minor ignore it for now unless apparmor in stable
gets a profile update.
Link: https://bugs.debian.org/1110326
- - - - -
0004ee98 by Salvatore Bonaccorso at 2025-08-03T14:49:41+02:00
Add initial mapping for WebKitGTK and WPE WebKit issues from WSA-2025-0005
- - - - -
6e50ace6 by Salvatore Bonaccorso at 2025-08-03T17:22:42+02:00
Update status for CVE-2025-54351/iperf3
- - - - -
a999c936 by Salvatore Bonaccorso at 2025-08-03T17:26:31+02:00
Update status for CVE-2025-54350/iperf3
- - - - -
27421309 by Salvatore Bonaccorso at 2025-08-03T17:39:02+02:00
Update status for CVE-2025-54349/iperf3
- - - - -
e3216950 by Salvatore Bonaccorso at 2025-08-03T18:55:44+02:00
Update status for CVE-2025-8042/firefox
- - - - -
e8ab262c by Salvatore Bonaccorso at 2025-08-03T19:03:24+02:00
Correct entry for historic DSA-1237-1
While fixing the suffix, as the advisory went out with the -1 suffix,
adjust as well the association to the source-package which was wrong.
The update did fix src:kernel-source-2.4.27 with the version
2.4.27-10sarge5.
Links: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224
- - - - -
34ca1383 by Salvatore Bonaccorso at 2025-08-03T19:11:54+02:00
Review first batch of DSA suffixes from 2006
While at it remove as well one left-over no-dsa tagged entry which was
included in the DSA for texinfo (DSA-1219-1).
Thanks: Utkarsh Gupta
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224
- - - - -
3095a56c by Salvatore Bonaccorso at 2025-08-03T19:15:15+02:00
Complete tracking of fixes in DSA-1214-2/1 for gv
- - - - -
2b509f31 by Salvatore Bonaccorso at 2025-08-03T19:25:09+02:00
Review a small set of 2006 DSAs for correct suffix
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224
- - - - -
deb7ba89 by Bastien Roucariès at 2025-08-03T19:54:40+02:00
CVE-2024-10041/pam bullseye
Follow bookworm and mark as ignored. May break loggin
- - - - -
54f6451e by Salvatore Bonaccorso at 2025-08-03T20:33:37+02:00
Update status for CVE-2025-53399/rtpengine
- - - - -
29c3c8b9 by Salvatore Bonaccorso at 2025-08-03T20:41:37+02:00
Correct references for CVE-2025-5362{8,9}/cpp-httplib
- - - - -
fedbe1f1 by security tracker role at 2025-08-03T20:12:08+00:00
automatic update
- - - - -
bf2bc116 by Utkarsh Gupta at 2025-08-04T06:03:32+05:30
Add notes for ruby-graphql
- - - - -
01905f58 by Utkarsh Gupta at 2025-08-04T06:15:56+05:30
Mark CVE-2025-48074/openexr as postponed for bullseye
- - - - -
38d04e8c by Utkarsh Gupta at 2025-08-04T06:17:50+05:30
Mark CVE-2025-8194/python3.9 as postponed for bullseye
- - - - -
d65ccdbf by Utkarsh Gupta at 2025-08-04T06:23:33+05:30
Take ruby-saml for bullseye as doing that work for DSA
- - - - -
4f106d17 by Utkarsh Gupta at 2025-08-04T06:26:45+05:30
Add webkit2gtk to dla-needed
- - - - -
bad954c7 by Utkarsh Gupta at 2025-08-04T06:36:56+05:30
Reserve DLA-4263-1 for ruby-graphql
- - - - -
bf6e5037 by Adrian Bunk at 2025-08-04T06:32:15+03:00
Reserve DLA-4264-1 for exempi
- - - - -
0b773012 by Salvatore Bonaccorso at 2025-08-04T05:34:11+02:00
Process some NFUs
- - - - -
8e5f8aa9 by Salvatore Bonaccorso at 2025-08-04T05:43:01+02:00
Add Debian bug reference for iperf3 issues
- - - - -
e006dd0b by Abhijith PA at 2025-08-04T11:48:32+05:30
reclaim nextcloud-desktop in dla-needed.txt
- - - - -
b324baa9 by Emilio Pozuelo Monfort at 2025-08-04T09:19:00+02:00
lts: take webkit2gtk
- - - - -
4e9e3435 by security tracker role at 2025-08-04T08:12:09+00:00
automatic update
- - - - -
1a76444d by security tracker role at 2025-08-04T08:13:00+00:00
automatic NOT-FOR-US entries update
- - - - -
e9b02f6b by Salvatore Bonaccorso at 2025-08-04T11:09:43+02:00
Process some NFUs
- - - - -
ab6a1718 by Adrian Bunk at 2025-08-04T13:03:53+03:00
dla: add notes
- - - - -
b663acb4 by Salvatore Bonaccorso at 2025-08-04T21:08:09+02:00
Track fix via experimental for CVE-2025-7394/wolfssl
- - - - -
107a7b4f by Roberto C. Sánchez at 2025-08-04T15:09:35-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
8b91cf52 by Salvatore Bonaccorso at 2025-08-04T21:19:22+02:00
Mark CVE-2025-27407 as no-dsa for bookworm
- - - - -
cfa13059 by Salvatore Bonaccorso at 2025-08-04T21:45:47+02:00
Update status for CVE-2025-45767/node-jose
- - - - -
aec85920 by Salvatore Bonaccorso at 2025-08-04T21:47:22+02:00
Add Debian bug reference for CVE-2025-43023/hplip
- - - - -
861c3d80 by Salvatore Bonaccorso at 2025-08-04T22:05:21+02:00
Add Debian bug reference for CVE-2025-54410/docker.io
- - - - -
32ade6b0 by Salvatore Bonaccorso at 2025-08-04T22:06:17+02:00
Update status for CVE-2025-54388 according to upstream
- - - - -
6224e40a by security tracker role at 2025-08-04T20:12:42+00:00
automatic update
- - - - -
be031f53 by security tracker role at 2025-08-04T20:14:13+00:00
automatic NOT-FOR-US entries update
- - - - -
5bbf10b7 by Salvatore Bonaccorso at 2025-08-04T22:23:44+02:00
Process some NFUs
- - - - -
732d6719 by Salvatore Bonaccorso at 2025-08-04T22:31:44+02:00
Add CVE-2025-46206/mupdf
- - - - -
b577bc21 by Salvatore Bonaccorso at 2025-08-04T22:39:09+02:00
Add two new poppler issues
- - - - -
7dc751c3 by Bastien Roucariès at 2025-08-04T23:59:17+02:00
Add wordpress to dla-needed
- - - - -
5a7bdb93 by Bastien Roucariès at 2025-08-05T00:01:31+02:00
dla-needed add docker.io
- - - - -
b81d39a0 by Bastien Roucariès at 2025-08-05T00:06:36+02:00
CVE-2025-54410/moby
Add commit fixing
- - - - -
77853393 by Bastien Roucariès at 2025-08-05T00:24:37+02:00
dla-needed add iperf3
- - - - -
1c9159a8 by Bastien Roucariès at 2025-08-05T00:28:18+02:00
Add dla-needed jackrabbit
- - - - -
907fde0a by Bastien Roucariès at 2025-08-05T00:30:30+02:00
dla-needed add libhtp
- - - - -
a5b8ba9e by Bastien Roucariès at 2025-08-05T00:33:37+02:00
dla-needed add mupdf
- - - - -
79583613 by Bastien Roucariès at 2025-08-05T00:37:44+02:00
CVE-2025-8262/node-yarnpkg bullseye
Minor ReDoS
- - - - -
9c573627 by Bastien Roucariès at 2025-08-05T00:42:42+02:00
dla-needed add sqlite
- - - - -
abb954a7 by Adrian Bunk at 2025-08-05T04:04:13+03:00
dla: take iperf3
- - - - -
abe4a191 by Adrian Bunk at 2025-08-05T05:38:36+03:00
dla: take jackrabbit
- - - - -
abf0541f by Adrian Bunk at 2025-08-05T06:01:49+03:00
CVE-2025-54410/docker.io: Link to prerequisite changes for older versions
- - - - -
abf40378 by Adrian Bunk at 2025-08-05T06:04:23+03:00
dla: take libhtp
- - - - -
f357c7ad by Salvatore Bonaccorso at 2025-08-05T05:35:25+02:00
Refer to non-merge commit for CVE-2025-54410
- - - - -
480d7f60 by Salvatore Bonaccorso at 2025-08-05T05:39:41+02:00
Drop notes
There are two distinct CVEs and the CVE-2025-54388 specifically does not
affect older versions than 28.2.0. CVE-2025-54410 OTOH does affect
older series and is fixed in 25.0.13 as well for 25.0 branch. Keep
those two separate.
- - - - -
96012aa8 by Salvatore Bonaccorso at 2025-08-05T06:44:08+02:00
Track fixed version for two iperf3 issues via unstable
- - - - -
1657cd9e by Salvatore Bonaccorso at 2025-08-05T07:41:21+02:00
Clarify status for libxslt
- - - - -
1c2b5100 by Salvatore Bonaccorso at 2025-08-05T08:30:26+02:00
Add CVE-2025-46094 as NFU
- - - - -
5bd2ab92 by Emilio Pozuelo Monfort at 2025-08-05T09:41:00+02:00
lts: reclaim openjdk-17 and update notes
- - - - -
0fe13845 by security tracker role at 2025-08-05T08:12:07+00:00
automatic update
- - - - -
6515f438 by security tracker role at 2025-08-05T08:12:59+00:00
automatic NOT-FOR-US entries update
- - - - -
75b66605 by Salvatore Bonaccorso at 2025-08-05T10:47:03+02:00
auto-nfu: Add description based rule for Portabilis
- - - - -
b7d15072 by Salvatore Bonaccorso at 2025-08-05T10:47:37+02:00
Process some NFUs
- - - - -
4ec35611 by Salvatore Bonaccorso at 2025-08-05T12:16:16+02:00
Update notes for CVE-2025-54349, CVE-2025-54350 and CVE-2025-54351
Mark issues as to be fixed via point release.
CVE-2025-54349 requires SSL authentication enabled to be exploited.
CVE-2025-54350, samewise but will be before authentication.
- - - - -
a0badbc5 by Utkarsh Gupta at 2025-08-05T20:12:59+05:30
Take wordpress for DLA
- - - - -
56ad247a by Salvatore Bonaccorso at 2025-08-05T18:00:41+02:00
Note that Utkarsh plans to contribute wordpress update
- - - - -
30d1702a by Salvatore Bonaccorso at 2025-08-05T18:05:06+02:00
Add CVE-2025-54874/openjpeg2
- - - - -
ff05e2fd by Salvatore Bonaccorso at 2025-08-05T20:21:05+02:00
Add Debian bug reference for CVE-2025-54874/openjpeg2
- - - - -
1278a09b by Bastien Roucariès at 2025-08-05T21:41:44+02:00
Add ros-ros-com to dla-needed
- - - - -
b05ca531 by Salvatore Bonaccorso at 2025-08-05T21:57:05+02:00
Add CVE-2025-8534/tiff
- - - - -
396cb1f4 by Salvatore Bonaccorso at 2025-08-05T22:02:56+02:00
Process some NFUs
- - - - -
0d80906c by Salvatore Bonaccorso at 2025-08-05T22:03:22+02:00
Add CVE-2025-54802/pyload, itp'ed
- - - - -
96079c48 by Salvatore Bonaccorso at 2025-08-05T22:04:16+02:00
Add CVE-2025-54119/libphp-adodb
- - - - -
ecaa8fbc by Salvatore Bonaccorso at 2025-08-05T22:06:57+02:00
Add new set of chromium issues
- - - - -
351c5de7 by Salvatore Bonaccorso at 2025-08-05T22:09:20+02:00
Add chromium to dsa-needed list
- - - - -
620b8f5d by security tracker role at 2025-08-05T20:12:12+00:00
automatic update
- - - - -
2c601c20 by security tracker role at 2025-08-05T20:13:42+00:00
automatic NOT-FOR-US entries update
- - - - -
b37a5602 by Salvatore Bonaccorso at 2025-08-05T22:22:04+02:00
Add additional reference for CVE-2022-29977/libsixel
- - - - -
2e6f4e2e by Salvatore Bonaccorso at 2025-08-05T22:33:15+02:00
Process some NFUs
- - - - -
26b30eb0 by Salvatore Bonaccorso at 2025-08-05T22:35:09+02:00
Add CVE-2025-7844/wolftpm
- - - - -
b1ab1891 by Salvatore Bonaccorso at 2025-08-05T22:46:27+02:00
Reassign CVE-2025-50422 to track fix in cairo
- - - - -
741d17c6 by Salvatore Bonaccorso at 2025-08-05T22:51:51+02:00
Mark CVE-2025-54119 as no-dsa
- - - - -
45c22190 by Salvatore Bonaccorso at 2025-08-05T22:52:57+02:00
Add Debian bug reference for CVE-2025-50420/poppler
- - - - -
6f456ddc by Salvatore Bonaccorso at 2025-08-05T22:59:17+02:00
Add Debian bug reference for CVE-2025-54119/libphp-adodb
- - - - -
946bf7e2 by Bastien Roucariès at 2025-08-05T23:29:19+02:00
dla-needed: add SQUID
- - - - -
48df7b57 by Salvatore Bonaccorso at 2025-08-06T06:12:03+02:00
Track fixes for chromium via unstable
- - - - -
8c17dde7 by Bastien Roucariès at 2025-08-06T08:38:17+02:00
CVE-2024-47874/starlette [bullseye]
Classify as postponed:
- DoS
- will not trigger in all cases
- - - - -
c548e35a by Bastien Roucariès at 2025-08-06T08:40:52+02:00
dla-needed: status for PAM
- - - - -
73170411 by Salvatore Bonaccorso at 2025-08-06T09:22:42+02:00
Add CVE-2025-8556/golang-github-cloudflare-circl
- - - - -
d792b8cb by Bastien Roucariès at 2025-08-06T09:29:06+02:00
Add dla-needed hplip
- - - - -
e313e415 by security tracker role at 2025-08-06T08:12:17+00:00
automatic update
- - - - -
343222c0 by security tracker role at 2025-08-06T08:13:11+00:00
automatic NOT-FOR-US entries update
- - - - -
fbe2f1cf by Salvatore Bonaccorso at 2025-08-06T10:46:26+02:00
Process some NFUs
- - - - -
6bb496b2 by Salvatore Bonaccorso at 2025-08-06T10:49:07+02:00
add CVE-2025-54879/mastodon, itp'ed
- - - - -
d2d856dd by Salvatore Bonaccorso at 2025-08-06T12:54:24+02:00
Add Google p0 reference for CVE-2025-38236
- - - - -
f0563a68 by Salvatore Bonaccorso at 2025-08-06T15:46:25+02:00
Deassociate CVE-2025-43023 from the hplip source package
The CVE is assigned for the use of a DSA key for signing the upstream
installer.
Thanks: Adrian Bunk
- - - - -
ab407a1e by Adrian Bunk at 2025-08-06T17:17:58+03:00
dla: remove hplip
See #1110407 and commit f0563a68
- - - - -
6e0d0e88 by Salvatore Bonaccorso at 2025-08-06T16:42:01+02:00
Process some NFUs
- - - - -
b983331c by Salvatore Bonaccorso at 2025-08-06T19:15:11+02:00
Add three CVEs for the dead fork libav of ffmpeg
- - - - -
50abe5e2 by Chris Lamb at 2025-08-06T10:32:02-07:00
data/dla-needed.txt: Claim mupdf.
- - - - -
c674b9b9 by Salvatore Bonaccorso at 2025-08-06T19:58:25+02:00
Document embedded copy of fpdi in icingaweb2-module-pdfexport
- - - - -
83f84a88 by Salvatore Bonaccorso at 2025-08-06T19:59:38+02:00
Process some NFUs
- - - - -
99c7a2eb by Salvatore Bonaccorso at 2025-08-06T20:03:26+02:00
Add CVE-2025-54869/icingaweb2-module-pdfexport
- - - - -
db28c77a by Salvatore Bonaccorso at 2025-08-06T20:04:25+02:00
Add CVE-2025-54571/modsecurity-apache
- - - - -
45b7b93e by Salvatore Bonaccorso at 2025-08-06T20:05:22+02:00
Add CVE-2012-10024/xbmc
- - - - -
4e995b14 by Salvatore Bonaccorso at 2025-08-06T20:05:57+02:00
Add CVE-2025-54956/r-cran-gh
- - - - -
fa1114f0 by Salvatore Bonaccorso at 2025-08-06T20:12:37+02:00
Unify comments in embedded-code-copies
- - - - -
e2ee50a5 by Salvatore Bonaccorso at 2025-08-06T20:31:09+02:00
Add Debian bug reference for CVE-2025-54571/modsecurity-apache
- - - - -
e29f8bd1 by Salvatore Bonaccorso at 2025-08-06T20:35:03+02:00
Add Debian bug reference for CVE-2025-46206/mupdf
- - - - -
92b4c937 by Salvatore Bonaccorso at 2025-08-06T20:35:50+02:00
Add Debian bug reference for CVE-2025-54956/r-cran-gh
- - - - -
1fc6da32 by Salvatore Bonaccorso at 2025-08-06T20:36:57+02:00
Mark CVE-2025-46206/mupdf as no-dsa
- - - - -
d14a5b7e by Andres Salomon at 2025-08-06T15:20:39-04:00
chromium dsa
- - - - -
af1ceb1a by security tracker role at 2025-08-06T20:12:14+00:00
automatic update
- - - - -
ea9153aa by security tracker role at 2025-08-06T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
b1c4115c by Salvatore Bonaccorso at 2025-08-06T22:31:13+02:00
Process some NFUs
- - - - -
ec9c0919 by Salvatore Bonaccorso at 2025-08-06T22:45:18+02:00
Process some NFUs
- - - - -
ba7a988d by Salvatore Bonaccorso at 2025-08-06T22:46:06+02:00
Add CVE-2025-8419/keycloak
- - - - -
555f3746 by Salvatore Bonaccorso at 2025-08-06T22:48:20+02:00
Add CVE-2025-45766/poco, but not yet clear status
- - - - -
988b2d30 by Daniel Leidert at 2025-08-07T06:00:49+02:00
LTS: claim pytorch in dla-needed.txt
- - - - -
78f009cf by Daniel Leidert at 2025-08-07T06:00:57+02:00
LTS: claim u-boot in dla-needed.txt
- - - - -
838ced43 by Salvatore Bonaccorso at 2025-08-07T06:10:36+02:00
Track fixed version for CVE-2025-46206/mupdf via unstable
- - - - -
5e9ad792 by Salvatore Bonaccorso at 2025-08-07T07:01:00+02:00
Mark CVE-2025-54571/modsecurity-apache as no-dsa
- - - - -
f85d08c7 by Salvatore Bonaccorso at 2025-08-07T08:45:49+02:00
Mark CVE-2025-8101 as NFU
- - - - -
602ef254 by Salvatore Bonaccorso at 2025-08-07T08:48:37+02:00
Drop misclassified CVE-2025-6499 as NFU for linkifyjs and add todo
- - - - -
4287524b by Salvatore Bonaccorso at 2025-08-07T08:49:08+02:00
Add embedded copy tracking for libucl in rspamd
- - - - -
bb4c246d by security tracker role at 2025-08-07T08:12:06+00:00
automatic update
- - - - -
c8a5d799 by security tracker role at 2025-08-07T08:13:26+00:00
automatic NOT-FOR-US entries update
- - - - -
65adea1b by Salvatore Bonaccorso at 2025-08-07T10:24:08+02:00
Process some NFUs
- - - - -
1eff8cda by Salvatore Bonaccorso at 2025-08-07T10:35:39+02:00
Add CVE-2025-54799/golang-github-xenolf-lego
- - - - -
3684a6b6 by Bastien Roucariès at 2025-08-07T13:00:39+02:00
dla-needed: add wolfssl
- - - - -
f76918f6 by Bastien Roucariès at 2025-08-07T13:07:10+02:00
dla-needed: libphp-adodb
- - - - -
2a5d4d41 by Salvatore Bonaccorso at 2025-08-07T19:26:43+02:00
Add CVE-2025-47906/go
- - - - -
cd5678ef by Salvatore Bonaccorso at 2025-08-07T19:30:00+02:00
Add CVE-2025-47907/go
- - - - -
6c1920e3 by Salvatore Bonaccorso at 2025-08-07T20:30:46+02:00
Add CVE-2025-54798/node-tmp
- - - - -
52f8869a by Salvatore Bonaccorso at 2025-08-07T20:56:02+02:00
Add CVE-2025-3770/edk2
- - - - -
f4430ddd by Salvatore Bonaccorso at 2025-08-07T20:59:12+02:00
auto-nfu: Add another covered product for checkpoint CNA
- - - - -
33f83df9 by Salvatore Bonaccorso at 2025-08-07T21:00:14+02:00
Process some NFUs
- - - - -
4190cead by Salvatore Bonaccorso at 2025-08-07T21:45:18+02:00
Add notes on mitigations on libxml2 for CVE-2025-7425/libxslt
- - - - -
4a6b1a0b by Salvatore Bonaccorso at 2025-08-07T22:01:36+02:00
Add Debian bug reference for CVE-2025-54799
- - - - -
ad1a9adb by Salvatore Bonaccorso at 2025-08-07T22:02:24+02:00
Add Debian bug reference for CVE-2025-54798/node-tmp
- - - - -
49ec4109 by security tracker role at 2025-08-07T20:12:11+00:00
automatic update
- - - - -
3592f686 by security tracker role at 2025-08-07T20:13:48+00:00
automatic NOT-FOR-US entries update
- - - - -
8d45cb9f by Salvatore Bonaccorso at 2025-08-07T22:15:44+02:00
Add Debian bug reference for CVE-2025-3770/edk2
- - - - -
ea702303 by Salvatore Bonaccorso at 2025-08-07T22:27:34+02:00
Process some NFUs
- - - - -
545a28fa by Salvatore Bonaccorso at 2025-08-07T22:29:57+02:00
Add CVE-2025-7054/quiche
- - - - -
5aaab797 by Salvatore Bonaccorso at 2025-08-07T22:40:33+02:00
Add CVE-2025-44779/ollama
- - - - -
67901956 by Salvatore Bonaccorso at 2025-08-07T22:52:43+02:00
Add CVE-2025-50952/openjpeg2
- - - - -
928119af by Bastien Roucariès at 2025-08-07T23:36:44+02:00
CVE-2025-54571/mod-security [bullseye]
Follow bookworm
- - - - -
a921f3b7 by Bastien Roucariès at 2025-08-08T00:29:36+02:00
dla-needed: node-tmp
- - - - -
22e1adee by Bastien Roucariès at 2025-08-08T00:45:10+02:00
CVE-2025-54799/golang-github-xenolf-lego [bullseye]
According to description:
However, the library fails to enforce HTTPS both in the original discover
URL (configured by the library user) and in the subsequent addresses
returned by the CAs in the directory and order objects.
If the library user accidentally inputs an HTTP URL, or the
CA similarly misconfigures its endpoints, this will cause the
relevant parts of the protocol to be performed over HTTP.
This can result, at the very least, in a loss of privacy of the
request/response details, such as account and request identifiers
(which could be intercepted by an attacker in a privileged network position).
Therefore:
- ignored because HTTPS MUST be enforced on CA endpoint
- - - - -
17d5906c by Bastien Roucariès at 2025-08-08T00:48:41+02:00
dla-needed: add rcran-rh
- - - - -
5668eb43 by Bastien Roucariès at 2025-08-08T00:55:55+02:00
CVE-2025-54869
icingaweb2-module-pdfexport include FPDI for pdf handling.
The import module of FPDI is vulnerable to DoS
However the export function likely does not need import path.
- - - - -
2e4925f2 by Bastien Roucariès at 2025-08-08T01:15:15+02:00
CVE-2025-3770/edk2 [bullseye]
This is likely a race condition on real hardware.
On emulated hardware, MCE are not triggerable easily and must be enabled for fault injection.
Moreover SMM does not occur on virtual machines except for S3 handling.
- - - - -
1c525a61 by Salvatore Bonaccorso at 2025-08-08T06:13:52+02:00
Fix typo in NOTE for CVE-2025-54799
- - - - -
bc42a559 by Salvatore Bonaccorso at 2025-08-08T06:16:45+02:00
Mark CVE-2025-54799 as no-dsa
- - - - -
d3bf6652 by Salvatore Bonaccorso at 2025-08-08T06:21:55+02:00
Demote CVE-2025-54869 to unimportant
Thanks: Bastien Roucariès for the analysis.
- - - - -
ec619a12 by security tracker role at 2025-08-08T08:11:58+00:00
automatic update
- - - - -
1fcbed76 by security tracker role at 2025-08-08T08:12:50+00:00
automatic NOT-FOR-US entries update
- - - - -
441800f4 by Salvatore Bonaccorso at 2025-08-08T11:40:20+02:00
Process some NFUs
- - - - -
5f58afc6 by Salvatore Bonaccorso at 2025-08-08T11:41:49+02:00
Add CVE-2025-8698/open5gs, itp'ed
- - - - -
122e5d14 by Bastien Roucariès at 2025-08-08T15:24:27+02:00
Add asterisk
- - - - -
ab3a243a by Adrian Bunk at 2025-08-08T16:55:17+03:00
dla: take node-tmp
- - - - -
aba7cefa by Adrian Bunk at 2025-08-08T18:30:33+03:00
CVE-2025-49832/asterisk does not affect bullseye
- - - - -
11ffb89a by Maytham Alsudany at 2025-08-09T01:01:21+08:00
CVE-2025-55014/stardict affects us
- - - - -
7c0ae0ba by Salvatore Bonaccorso at 2025-08-08T19:28:35+02:00
Add references for CVE-2025-55014
- - - - -
4bc63063 by Salvatore Bonaccorso at 2025-08-08T19:48:14+02:00
Process some NFUs
- - - - -
84bfc300 by Salvatore Bonaccorso at 2025-08-08T21:33:44+02:00
Add CVE-2025-54368/uv, itp'ed
- - - - -
7fc8432d by Salvatore Bonaccorso at 2025-08-08T21:37:30+02:00
Add CVE-2025-45765/ruby-jwt, mark as unimportant
- - - - -
ae4c8a03 by Salvatore Bonaccorso at 2025-08-08T21:38:12+02:00
Process one NFU
- - - - -
d935dc15 by Salvatore Bonaccorso at 2025-08-08T21:48:11+02:00
Add reference to where problems start earliest for CVE-2025-46206
- - - - -
25716366 by security tracker role at 2025-08-08T20:12:09+00:00
automatic update
- - - - -
9ab21b42 by security tracker role at 2025-08-08T20:13:02+00:00
automatic NOT-FOR-US entries update
- - - - -
0a714a9a by Salvatore Bonaccorso at 2025-08-08T22:13:53+02:00
Add CVE-2025-47908/golang-github-rs-cors
- - - - -
6a1425cd by Salvatore Bonaccorso at 2025-08-08T22:22:49+02:00
Process some NFUs
- - - - -
bd19e5cb by Salvatore Bonaccorso at 2025-08-08T22:23:50+02:00
Add two new cflow issues
- - - - -
27ccab5c by Salvatore Bonaccorso at 2025-08-08T22:24:14+02:00
Add two new bison issues
- - - - -
46dd2e5c by Salvatore Bonaccorso at 2025-08-08T22:24:44+02:00
Add CVE-2025-8732/libxml2
- - - - -
ab96ceb9 by Salvatore Bonaccorso at 2025-08-08T22:37:51+02:00
Process some NFUs
- - - - -
0614ddde by Salvatore Bonaccorso at 2025-08-08T22:38:40+02:00
Add CVE-2010-10013/ajaxplorer, itp'ed
While we track ajaxplorer CVEs with the ITP'ed bug, we do not track the
Pydio Cells ones, but mark them NFU. Those CVEs might want a review.
- - - - -
54f1d50c by Salvatore Bonaccorso at 2025-08-08T22:41:04+02:00
Add CVE-2012-10048/zenoss, itp'ed
- - - - -
bb4b5224 by Salvatore Bonaccorso at 2025-08-08T22:41:40+02:00
Add CVE-2012-10050/cuteflow, itp'ed
- - - - -
11e37be9 by Salvatore Bonaccorso at 2025-08-08T22:42:27+02:00
Reassign one older NFU to itp'ed entry
- - - - -
ab138918 by Adrian Bunk at 2025-08-08T23:47:54+03:00
CVE-2019-11388/modsecurity-crs has already been fixed
- - - - -
ab10e83b by Adrian Bunk at 2025-08-08T23:54:21+03:00
Reserve DLA-4265-1 for modsecurity-crs
- - - - -
c038d318 by Bastien Roucariès at 2025-08-09T00:08:20+02:00
CVE-2025-50420/poppler [bullseye]
Classify as postponed: Local DoS
- - - - -
603633f2 by Salvatore Bonaccorso at 2025-08-09T07:34:31+02:00
Update status for CVE-2025-53022
- - - - -
8e0e7e39 by Salvatore Bonaccorso at 2025-08-09T09:44:34+02:00
Add CVE-2025-47183/gst-plugins-good1.0
- - - - -
48ba4b47 by Salvatore Bonaccorso at 2025-08-09T09:52:10+02:00
Add CVE-2025-47219/gst-plugins-good1.0
- - - - -
55eda879 by Salvatore Bonaccorso at 2025-08-09T10:10:59+02:00
Add CVE-2025-4780{6,7,8}/gst-plugins-base1.0
- - - - -
b92713e1 by Maytham Alsudany at 2025-08-09T16:40:28+08:00
Process some NFUs
- - - - -
6c00c56e by Maytham Alsudany at 2025-08-09T16:41:16+08:00
Add CVE-2025-45512/u-boot
- - - - -
114ed8c8 by Maytham Alsudany at 2025-08-09T16:43:13+08:00
Add CVE-2024-8244/golang-1.{24,23,19,15}
- - - - -
a8be0c07 by Maytham Alsudany at 2025-08-09T16:43:42+08:00
Add CVE-2025-50340/sogo
- - - - -
429aaf21 by Salvatore Bonaccorso at 2025-08-09T10:51:09+02:00
Revert "Add CVE-2025-50340/sogo"
This reverts commit a8be0c07bb783feee8b3110f25d76e3726557571.
it is unconfirmed if this is fixed in 5.7.0.
- - - - -
7506d4bf by Salvatore Bonaccorso at 2025-08-09T11:00:24+02:00
Add sogo issues with todo item to check state
- - - - -
37bb5e09 by Salvatore Bonaccorso at 2025-08-09T11:09:19+02:00
Merge branch 'trixie-release' into 'master'
Preparations for the security-tracker for the trixie release
See merge request security-tracker-team/security-tracker!213
- - - - -
2d3e26b8 by Salvatore Bonaccorso at 2025-08-09T11:45:34+02:00
Update status for CVE-2025-50340
- - - - -
f49b8565 by Salvatore Bonaccorso at 2025-08-09T12:00:47+02:00
Update status for CVE-2025-8733
- - - - -
4a0f3fd7 by Salvatore Bonaccorso at 2025-08-09T12:06:26+02:00
Add Debian bug references for bison issues
- - - - -
41faa1a8 by Salvatore Bonaccorso at 2025-08-09T12:07:06+02:00
Add Debian bug reference for CVE-2025-50422/cairo
- - - - -
d067a48f by Salvatore Bonaccorso at 2025-08-09T12:09:17+02:00
Add Debian bug reference for CVE-2025-8262/node-yarnpkg
- - - - -
9f073260 by Salvatore Bonaccorso at 2025-08-09T12:10:28+02:00
Add Debian bug reference for CVE-2025-8197/libsoup3
- - - - -
ab26a0d9 by Salvatore Bonaccorso at 2025-08-09T12:17:03+02:00
Track proposed imagemagick update via trixie-pu
- - - - -
786c07aa by Salvatore Bonaccorso at 2025-08-09T12:19:18+02:00
Mark imagemagick issues as no-dsa for trixie
- - - - -
20c4e9fe by Maytham Alsudany at 2025-08-09T18:29:41+08:00
Add redis forks to data/embedded-code-copies
- - - - -
617e2f3b by Salvatore Bonaccorso at 2025-08-09T12:30:57+02:00
Add back todo for CVE-2011-10008
- - - - -
d8843f17 by Salvatore Bonaccorso at 2025-08-09T12:31:14+02:00
Revert "Add redis forks to data/embedded-code-copies"
This reverts commit 20c4e9fee07c956a4971fc1e781c92690c8f094a.
We treat src:valkey and src:redirect not as embedded copy projects and
list already CVEs affecting the other projects after triage.
- - - - -
877e782d by Bastien Roucariès at 2025-08-09T14:17:04+02:00
golang [bullseye] triage issue
Follow bookworm
- - - - -
4c2bc33e by Stefano Rivera at 2025-08-09T15:41:05+02:00
Reserve DLA-4266-1 for distro-info-data
- - - - -
07cf6c32 by Salvatore Bonaccorso at 2025-08-09T15:46:35+02:00
Add CVE-2025-7039/glib2.0
- - - - -
d3032700 by Salvatore Bonaccorso at 2025-08-09T16:37:52+02:00
Update status for two cflow issues
- - - - -
b19ab942 by Salvatore Bonaccorso at 2025-08-09T16:53:46+02:00
Merge Linux CVEs from kernel-sec
- - - - -
abe5afd7 by Adrian Bunk at 2025-08-09T18:19:39+03:00
CVE-2025-32989/gnutls28 does not affect bullseye
- - - - -
686dea01 by Adrian Bunk at 2025-08-09T18:24:05+03:00
Reserve DLA-4267-1 for gnutls28
- - - - -
20496802 by Bastien Roucariès at 2025-08-09T17:30:16+02:00
cflow [bullseye] mark as ignored
crash in CLI Tools
- - - - -
102bdec0 by Bastien Roucariès at 2025-08-09T17:34:37+02:00
CVE-2025-50422/cairo [bullseye]
This is a no clear vulnerability of cipher text, that need another exploit or dump right to be exploitable, thus postpone
- - - - -
ab3314bb by Adrian Bunk at 2025-08-09T18:46:33+03:00
CVE-2018-16375/openjpeg2 is already fixed in >= bullseye
- - - - -
abe303a1 by Adrian Bunk at 2025-08-09T18:50:42+03:00
CVE-2018-20846/openjpeg2 is already fixed in >= bullseye
- - - - -
abdab04b by Adrian Bunk at 2025-08-09T19:01:37+03:00
CVE-2017-17479/openjpeg2 is already fixed in >= buster
Same fixing commit as CVE-2017-17480
- - - - -
abb0a220 by Adrian Bunk at 2025-08-09T19:10:35+03:00
CVE-2025-50952/openjpeg2: Fix URL in note
- - - - -
02757b14 by Salvatore Bonaccorso at 2025-08-09T18:52:34+02:00
Remove one no-dsa level tagged entry from unimportant CVE
- - - - -
01e5bd99 by Salvatore Bonaccorso at 2025-08-09T19:10:39+02:00
Specify distribution to oldstable when only there a DSA is needed
- - - - -
09daa0a7 by security tracker role at 2025-08-09T20:12:44+00:00
automatic update
- - - - -
59a8b291 by security tracker role at 2025-08-09T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
25fc5bac by Moritz Muehlenhoff at 2025-08-09T23:34:48+02:00
NFUs
- - - - -
a32ec15d by Moritz Muehlenhoff at 2025-08-09T23:46:55+02:00
auto-nfu: Update Apache list
- - - - -
ab65cc22 by Adrian Bunk at 2025-08-10T03:24:46+03:00
dsa-needed: Typo fix
- - - - -
878ed7f7 by Salvatore Bonaccorso at 2025-08-10T06:20:58+02:00
Process some NFUs
- - - - -
0524108d by Salvatore Bonaccorso at 2025-08-10T06:22:01+02:00
Track new issues in openbao, itp'ed
- - - - -
8049e35b by Salvatore Bonaccorso at 2025-08-10T07:02:13+02:00
Track fixed version for two python3.13 issues fixed via unstable
- - - - -
6e5d1784 by Maytham Alsudany at 2025-08-10T13:22:35+08:00
Add note to CVE-2025-8746
- - - - -
a5b412f0 by Maytham Alsudany at 2025-08-10T13:25:43+08:00
Add CVE-2025-55188/7zip
- - - - -
5b3992c1 by Maytham Alsudany at 2025-08-10T13:26:21+08:00
NFU CVE-2025-55152
- - - - -
9e438d84 by security tracker role at 2025-08-10T08:12:05+00:00
automatic update
- - - - -
c1336cc6 by security tracker role at 2025-08-10T08:13:47+00:00
automatic NOT-FOR-US entries update
- - - - -
308df3e6 by Bastien Roucariès at 2025-08-10T10:20:19+02:00
Add a note about CVE-2025-45768/pyjwt
- - - - -
0843263f by Maytham Alsudany at 2025-08-10T17:59:39+08:00
NFUs
- - - - -
277a0904 by Maytham Alsudany at 2025-08-10T18:01:18+08:00
Add CVE-2025-8800/open5gs and CVE-2025-8799/open5gs
- - - - -
b3f74d6e by Salvatore Bonaccorso at 2025-08-10T12:58:12+02:00
Triage openjpeg2 issues for bookworm and trixie
- - - - -
6825a928 by Salvatore Bonaccorso at 2025-08-10T13:01:14+02:00
Track proposed openjpeg2 update via bookworm-pu
- - - - -
c8b0632e by Salvatore Bonaccorso at 2025-08-10T13:16:42+02:00
Update status for CVE-2025-45512/u-boot
- - - - -
8543f8b7 by Salvatore Bonaccorso at 2025-08-10T13:36:09+02:00
Mark CVE-2024-57868 as no-dsa for trixie
- - - - -
66ebf180 by Salvatore Bonaccorso at 2025-08-10T13:37:57+02:00
Mark CVE-2025-40923 as no-dsa for trixie
- - - - -
0ea553b0 by Salvatore Bonaccorso at 2025-08-10T13:51:53+02:00
Mark CVE-2024-58036 as no-dsa for trixie
- - - - -
4243f09e by Salvatore Bonaccorso at 2025-08-10T13:53:40+02:00
Mark two libmojolicious-perl issues as no-dsa for trixie
- - - - -
1a702e83 by Salvatore Bonaccorso at 2025-08-10T13:56:36+02:00
Mark CVE-2025-40914 as no-dsa for trixie
- - - - -
6cbb4abe by Salvatore Bonaccorso at 2025-08-10T13:57:23+02:00
Mark CVE-2025-40924 as no-dsa for trixie
- - - - -
20016960 by Salvatore Bonaccorso at 2025-08-10T13:58:19+02:00
Mark CVE-2025-40918 as no-dsa for trixie
- - - - -
b36799ed by Salvatore Bonaccorso at 2025-08-10T14:00:23+02:00
Add explicit references for CVE-2025-40918
- - - - -
1ae88650 by Stefano Rivera at 2025-08-10T15:11:29+02:00
pip included an embedded python-typing-extensions until 25.2
- - - - -
54f92c62 by Salvatore Bonaccorso at 2025-08-10T18:00:00+02:00
Track fixed version via unstable for CVE-2025-40923/libplack-middleware-session-perl
- - - - -
94f08731 by Salvatore Bonaccorso at 2025-08-10T18:05:03+02:00
Track fixed version for CVE-2025-7394/wolfssl via unstable
- - - - -
bb3d31d4 by Salvatore Bonaccorso at 2025-08-10T18:08:32+02:00
Update status for CVE-2025-6545/node-pbkdf2
- - - - -
8508fb42 by Salvatore Bonaccorso at 2025-08-10T20:57:39+02:00
Update status for CVE-2024-53382/node-prismjs
- - - - -
356fa829 by Salvatore Bonaccorso at 2025-08-10T20:59:44+02:00
Track fixed version for various wpewebkit issues fixed via unstable
- - - - -
245f49d0 by Salvatore Bonaccorso at 2025-08-10T21:03:26+02:00
Update status for CVE-2025-45512
Not considered a security issue by upstream, ideally should be rejected.
Thanks: Vagrant Cascadian for reaching out to upstream and confirming
the status.
- - - - -
f56d5dfe by Salvatore Bonaccorso at 2025-08-10T21:20:32+02:00
Mark CVE-2025-8746 as unimportant issue
- - - - -
47ea6efe by Salvatore Bonaccorso at 2025-08-10T21:25:28+02:00
Update status for CVE-2025-55188
- - - - -
d6e83a73 by Salvatore Bonaccorso at 2025-08-10T21:32:20+02:00
Demote CVE-2025-45768 to unimportant
- - - - -
32b07d44 by Salvatore Bonaccorso at 2025-08-10T21:34:31+02:00
Update status for same class of issues with disputed security impact
All of the issues are similar and from same reporter as for
CVE-2025-45768, where the same arguments hold as back there provided by
upstream in https://github.com/jpadilla/pyjwt/issues/1080 .
Those CVEs might need to be rejected.
- - - - -
bd6e50c2 by security tracker role at 2025-08-10T20:12:10+00:00
automatic update
- - - - -
b98e2ccb by security tracker role at 2025-08-10T20:13:05+00:00
automatic NOT-FOR-US entries update
- - - - -
cf443979 by Moritz Muehlenhoff at 2025-08-10T23:16:01+02:00
NFUs
- - - - -
93ac8cff by Moritz Muehlenhoff at 2025-08-10T23:16:35+02:00
remove NFU entry for rejected issue
- - - - -
d65d6ea8 by Bastien Roucariès at 2025-08-11T01:06:13+02:00
CVE-2025-50952/openjpeg2 [bullseye]
Follow bookworm
- - - - -
07c803e4 by Bastien Roucariès at 2025-08-11T01:11:06+02:00
CVE-2025-55188/bullseye
Follow bookworm
- - - - -
ebaca26d by Salvatore Bonaccorso at 2025-08-11T05:38:59+02:00
Track fixed version for CVE-2025-40924 via unstable
- - - - -
baaf065b by Salvatore Bonaccorso at 2025-08-11T05:40:58+02:00
Track fixed version for CVE-2025-40914/libcryptx-perl
- - - - -
ef117d0b by Salvatore Bonaccorso at 2025-08-11T05:48:27+02:00
Track fixed version for CVE-2025-40918/libauthen-sasl-perl via unstable
- - - - -
a6127082 by Salvatore Bonaccorso at 2025-08-11T05:52:54+02:00
Track fixes for webkit2gtk via unstable
- - - - -
db376e36 by Salvatore Bonaccorso at 2025-08-11T05:54:16+02:00
Restore wpewebkit version in unstable for CVE-2025-24189
- - - - -
63e85725 by Salvatore Bonaccorso at 2025-08-11T05:57:05+02:00
Add Debian bug references for ros-ros-comm issues
- - - - -
3f5f2729 by Jochen Sprickerhof at 2025-08-11T08:17:06+02:00
LTS: claim hdf5 in dla-needed.txt
- - - - -
abe82433 by Salvatore Bonaccorso at 2025-08-11T09:41:06+02:00
Mark CVE-2025-7394/wolfssl as no-dsa
- - - - -
33051f1f by Salvatore Bonaccorso at 2025-08-11T09:42:11+02:00
Track proposed wolfssl update via trixie-pu
- - - - -
decf8a25 by security tracker role at 2025-08-11T08:12:11+00:00
automatic update
- - - - -
d72431e6 by security tracker role at 2025-08-11T08:13:10+00:00
automatic NOT-FOR-US entries update
- - - - -
51b63950 by Salvatore Bonaccorso at 2025-08-11T10:20:30+02:00
Process some NFUs
- - - - -
8bb1753e by Salvatore Bonaccorso at 2025-08-11T10:21:02+02:00
Add two jasper issues
- - - - -
37a34a2b by Salvatore Bonaccorso at 2025-08-11T10:21:55+02:00
Add CVE-2025-8747/keras
Note that keras has a new ITP bug, but as long as it does not mature in
the archive and it is in a security-tracker supported suite, keep it as
<removed>.
- - - - -
72e34fe7 by Salvatore Bonaccorso at 2025-08-11T10:24:24+02:00
Associate CVE-2024-55459 with src:keras
- - - - -
b2835adf by Alberto Garcia at 2025-08-11T10:28:35+02:00
wpewebkit is not covered by security support in trixie
- - - - -
3ee8e2ce by Moritz Muehlenhoff at 2025-08-11T10:32:08+02:00
trixie/bookworm triage
- - - - -
049e0d86 by Salvatore Bonaccorso at 2025-08-11T10:56:20+02:00
security-team overview: Sync table with real situation
Add trixie as new stable release, move bookworm to oldstable and mention
forky as testing release.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
83fdb3be by Adrian Bunk at 2025-08-11T13:19:10+03:00
Reserve DLA-4268-1 for node-tmp
- - - - -
75029d2a by Salvatore Bonaccorso at 2025-08-11T13:23:58+02:00
Add reference to report for CVE-2025-55188
- - - - -
ab70000b by Adrian Bunk at 2025-08-11T15:27:20+03:00
CVE-2025-32776/openrazer was fixed in the latest bookworm point release
- - - - -
a4af68f6 by Salvatore Bonaccorso at 2025-08-11T17:53:42+02:00
Drop tracking for openrazer, it was already fixed in the last bookworm point release
- - - - -
83340ab0 by Salvatore Bonaccorso at 2025-08-11T17:56:06+02:00
Drop two CVEs which got rejected
- - - - -
539db480 by Moritz Muehlenhoff at 2025-08-11T17:57:20+02:00
trixie/bookworm triage
- - - - -
c893a548 by Salvatore Bonaccorso at 2025-08-11T19:03:10+02:00
Demote severity for ros-ros-comm issues to unimportant
The security impact is disputable. After short discussion with Jochen
Sprickerhof (and indirectly Timo Röhling) we agree that the impact is
negligible. More information and followup as well in #1110773
- - - - -
513ef98f by Salvatore Bonaccorso at 2025-08-11T19:27:04+02:00
Track fixed version for CVE-2025-5456{6,7}/qemu via unstable
- - - - -
7e2feeeb by Salvatore Bonaccorso at 2025-08-11T19:28:30+02:00
Track fixed version for CVE-2020-24352/qemu
This is not fully correct, the patch does not fix all cases according to
the upstream comment. Though the maintainer who is as well upstream
considers it enough to fix the CVE. Follow suit in this case and track
the fix with upstream's ca1f9cbfdce4 ("ati: check x y display parameter
values").
- - - - -
3d5bfea1 by Salvatore Bonaccorso at 2025-08-11T19:44:59+02:00
Track fix via unstable for CVE-2025-2814
- - - - -
49d86a86 by Salvatore Bonaccorso at 2025-08-11T19:50:00+02:00
Track fixed version for CVE-2024-58036 via unstable
- - - - -
1fa8672c by Bastien Roucariès at 2025-08-11T20:34:42+02:00
DLA-4269-1 ca-certificates-java - bugfix update
Fix ca-certificate-java loop depends, thus closing RC bug
blocking ca-certificates
- - - - -
8ca48aea by Bastien Roucariès at 2025-08-11T20:49:36+02:00
dla-needed: ros-ros-com
Remove ros-ros-com following analysis from security team
- - - - -
c19bd191 by Bastien Roucariès at 2025-08-11T20:51:29+02:00
dla-needed: ca-certificates
- - - - -
ebf13395 by Salvatore Bonaccorso at 2025-08-11T21:14:18+02:00
Track proposed update for wolfssl fix via bookworm-pu
- - - - -
18d0f842 by Salvatore Bonaccorso at 2025-08-11T21:27:36+02:00
Merge branch 'python-pip-embed' into 'master'
pip included an embedded python-typing-extensions until 25.2
See merge request security-tracker-team/security-tracker!239
- - - - -
6defdb75 by Bastien Roucariès at 2025-08-11T21:30:02+02:00
CVE-2025-23048/apache2
Document regression for load balancer
- - - - -
7e94ce80 by Moritz Muehlenhoff at 2025-08-11T21:38:49+02:00
auto-nfu: Add rule for Sophos
Total CVEs from Sophos: 58
Total CVEs from Sophos with packages assigned: 0
Scope: Sophos issues only.
- - - - -
c373dbac by Moritz Muehlenhoff at 2025-08-11T21:48:23+02:00
commons-beanutils ospu
- - - - -
f64f8cc8 by Salvatore Bonaccorso at 2025-08-11T22:05:16+02:00
Mark CVE-2025-48734 as no-dsa for bookworm
- - - - -
9bb88b19 by security tracker role at 2025-08-11T20:12:03+00:00
automatic update
- - - - -
55b77b28 by security tracker role at 2025-08-11T20:12:57+00:00
automatic NOT-FOR-US entries update
- - - - -
8804cfb1 by Salvatore Bonaccorso at 2025-08-11T22:20:24+02:00
Process some NFUs
- - - - -
b056de30 by Salvatore Bonaccorso at 2025-08-11T22:24:53+02:00
Add CVE-2025-8851/tiff
- - - - -
e31d203f by Salvatore Bonaccorso at 2025-08-11T22:31:06+02:00
Process some NFUs
- - - - -
76c45d7a by Salvatore Bonaccorso at 2025-08-11T22:31:43+02:00
Add CVE-2025-8837/jasper
- - - - -
70a3f1c9 by Salvatore Bonaccorso at 2025-08-11T22:41:01+02:00
Add CVE-2025-38499/linux
- - - - -
d84f9594 by Salvatore Bonaccorso at 2025-08-11T22:44:51+02:00
Process some NFUs
- - - - -
038089ee by Bastien Roucariès at 2025-08-11T22:54:23+02:00
Partial revert of CVE-2025-23048/apache2
Correct this line removed
[bullseye] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
- - - - -
b37e74ad by Sylvain Beucler at 2025-08-11T22:57:22+02:00
bin/check-syntax: drop dead code
I suppose the initial 2005 code (per git-blame) was meant to strip
CAN- and CVE- and make unicity checks only based on YYYY-XXXX, but
this should have been: 'if n[0:3]' (not 0:4). Anyhow, we don't use
'CAN' anymore and never enter the 'if' during 'make check', so let's
drop it for clarity.
- - - - -
a127cd2f by Sylvain Beucler at 2025-08-11T22:57:22+02:00
bin/tracker_data.py: fix invalid escape sequence warning
- - - - -
f8a981b0 by Sylvain Beucler at 2025-08-11T22:57:22+02:00
bin/tracker_data.py: drop six, we already moved to py3
- - - - -
55bb5816 by Sylvain Beucler at 2025-08-11T22:57:22+02:00
lts-cve-triage: drop possible_easy_fixes report
This report lists issues fixed in stable while the package is already
triaged in dla-needed.txt.
This is noise for front-desk (since it's already triaged).
This is not useful to regular LTS contributors, who don't use this
triage script -- and even if they did, this is only a lesser
alternative to checking:
https://security-tracker.debian.org/tracker/source-package/PACKAGE
This will also allow filtering packages already in dla-needed.txt in a
global way (in another commit).
- - - - -
46b01341 by Salvatore Bonaccorso at 2025-08-11T23:00:02+02:00
Add new nasm issues
- - - - -
b2a47e2d by Salvatore Bonaccorso at 2025-08-12T05:51:52+02:00
Add CVE-2025-40920/libcatalyst-authentication-credential-http-perl
- - - - -
1377f371 by Salvatore Bonaccorso at 2025-08-12T06:55:36+02:00
Add Debian bug reference for CVE-2025-40920
- - - - -
04e93157 by Salvatore Bonaccorso at 2025-08-12T07:52:18+02:00
Process some NFUs
- - - - -
02900d36 by Salvatore Bonaccorso at 2025-08-12T07:56:40+02:00
Add tracking for new libcsp issues
- - - - -
aee6ada3 by Moritz Muehlenhoff at 2025-08-12T08:23:11+02:00
drop NFU for rejected issue
- - - - -
f366f436 by Moritz Muehlenhoff at 2025-08-12T08:37:06+02:00
mark stardict as fixed in 3.0.7+git20220909+dfsg-7, that version no longer
enables the affected plugin in debian/rules
- - - - -
4daf0aa1 by Salvatore Bonaccorso at 2025-08-12T08:59:03+02:00
Track fixed version for CVE-2025-54874/openjpeg2 via unstable
- - - - -
0f210bce by Moritz Muehlenhoff at 2025-08-12T09:00:13+02:00
auto-nfu: Update Nvidia rule
- - - - -
dd508590 by security tracker role at 2025-08-12T08:12:09+00:00
automatic update
- - - - -
f4ec7c70 by security tracker role at 2025-08-12T08:13:03+00:00
automatic NOT-FOR-US entries update
- - - - -
2bf42caa by Maytham Alsudany at 2025-08-12T16:20:12+08:00
NFU CVE-2025-55161
- - - - -
628f71bf by Maytham Alsudany at 2025-08-12T16:23:03+08:00
Add CVE-2025-55159/rust-slab
- - - - -
cac4a6a7 by Salvatore Bonaccorso at 2025-08-12T10:30:51+02:00
Add CVE-2025-55158/vim
- - - - -
1ede1ac5 by Salvatore Bonaccorso at 2025-08-12T10:32:11+02:00
Add CVE-2025-55157/vim
- - - - -
c271266e by Salvatore Bonaccorso at 2025-08-12T10:32:45+02:00
Add CVE-2025-55156/pyload, itp'ed
- - - - -
2ae08697 by Salvatore Bonaccorso at 2025-08-12T10:35:03+02:00
Process some NFUs
- - - - -
44763bcc by Maytham Alsudany at 2025-08-12T16:38:04+08:00
Add CVE-2025-55012/zed-editor
- - - - -
5e98e90c by Salvatore Bonaccorso at 2025-08-12T10:38:43+02:00
Update status for CVE-2025-55157/vim
- - - - -
1ef03d8a by Salvatore Bonaccorso at 2025-08-12T10:40:03+02:00
Update status for CVE-2025-55158
- - - - -
69cbee12 by Maytham Alsudany at 2025-08-12T16:43:03+08:00
Add CVE-2025-8672/gimp
- - - - -
1bae6179 by Sylvain Beucler at 2025-08-12T11:26:03+02:00
lts-cve-triage: factor out dla-needed checks for clarity and robustness
- - - - -
423cba2d by Salvatore Bonaccorso at 2025-08-12T11:38:36+02:00
Mark CVE-2025-8845 as no-dsa
- - - - -
ba51b0ab by Salvatore Bonaccorso at 2025-08-12T13:13:04+02:00
Add reference for CVE-2022-29978
- - - - -
8e13d6b3 by Salvatore Bonaccorso at 2025-08-12T14:34:50+02:00
Add reference to upstream report for CVE-2025-8197
- - - - -
a8fcc050 by Salvatore Bonaccorso at 2025-08-12T17:09:15+02:00
Track fixed version via unstable for CVE-2025-40920
- - - - -
e0da9133 by Salvatore Bonaccorso at 2025-08-12T17:31:53+02:00
Track fixed version for CVE-2025-54798/node-tmp
- - - - -
9f394fc4 by Bastien Roucariès at 2025-08-12T18:17:32+02:00
Reserve DLA-4270-1 for apache2
- - - - -
d238eb48 by Chris Lamb at 2025-08-12T09:24:46-07:00
Triage CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812 & CVE-2025-53020 in apache2 for bullseye LTS.
- - - - -
fc420f3e by Chris Lamb at 2025-08-12T09:25:52-07:00
Triage CVE-2025-8845 in nasm for bullseye LTS.
- - - - -
692aa5c2 by Chris Lamb at 2025-08-12T09:26:08-07:00
Triage CVE-2025-8734 in bison for bullseye LTS.
- - - - -
1667b496 by Chris Lamb at 2025-08-12T09:26:57-07:00
Triage CVE-2025-40920 in libcatalyst-authentication-credential-http-perl for bullseye LTS.
- - - - -
111cbba5 by Salvatore Bonaccorso at 2025-08-12T19:35:03+02:00
Remove listing of CVE-2025-54090 in DLA
As there was no 2.4.64 upload (and neither a specific backport) the
vulnerable code was never in a bullseye released version. Retain the
status and drop the listing of the CVE in the DLA.
- - - - -
417e31f8 by Salvatore Bonaccorso at 2025-08-12T19:36:38+02:00
Revert "Triage CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812 & CVE-2025-53020 in apache2 for bullseye LTS."
This reverts commit d238eb4883cc8b687b60727dbb7fb337d606fddf.
- - - - -
5be7041a by Moritz Mühlenhoff at 2025-08-12T19:56:24+02:00
openjdk-17 DSA
- - - - -
034dca05 by Salvatore Bonaccorso at 2025-08-12T20:33:00+02:00
Reserve DSA number for linux update
- - - - -
662b81aa by Sylvain Beucler at 2025-08-12T20:58:07+02:00
lts-cve-triage: from_elts: add annotations
This report is still new and generates noise.
It is tempting to filter as in 'from_next_lts' but this would make
both reports identical.
Annotate the output for now to better understand the report and avoid
FD from getting the wrong idea.
See also: https://lists.debian.org/debian-lts/2025/08/msg00022.html
Also:
- make annotations generic rather than my old hack in the output code
- make the test about explicit stable/oldstable update more robust.
- clarify 'triage_possible_missed_fixes' as 'from_next_lts'.
- - - - -
263cf516 by Salvatore Bonaccorso at 2025-08-12T21:20:04+02:00
Add CVE-2025-38500/linux
- - - - -
31b37cca by Salvatore Bonaccorso at 2025-08-12T21:39:46+02:00
Update status for CVE-2025-55159/rust-slab
- - - - -
2ae3e536 by security tracker role at 2025-08-12T20:12:45+00:00
automatic update
- - - - -
f9435968 by security tracker role at 2025-08-12T20:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
8f1ec209 by Salvatore Bonaccorso at 2025-08-12T22:15:16+02:00
Add Debian bug reference for nasm issue
- - - - -
7314ec57 by Salvatore Bonaccorso at 2025-08-12T22:15:18+02:00
Add Debian bug references for golang issues
- - - - -
87a39fc2 by Salvatore Bonaccorso at 2025-08-12T22:19:22+02:00
Add CVE-2025-8885/bouncycastle
- - - - -
87e271f5 by Salvatore Bonaccorso at 2025-08-12T22:23:41+02:00
Add two new kanboard issues
- - - - -
3a7c65d9 by Salvatore Bonaccorso at 2025-08-12T22:28:01+02:00
Process some NFUs
- - - - -
0e91f24b by Salvatore Bonaccorso at 2025-08-12T22:35:47+02:00
Process some NFUs
- - - - -
77dc8618 by Salvatore Bonaccorso at 2025-08-12T22:37:55+02:00
Process one more NFU
- - - - -
9dcc653d by Salvatore Bonaccorso at 2025-08-12T22:38:23+02:00
auto-nfu: Add one more product for the checkpoint CNA
- - - - -
39964dc9 by Salvatore Bonaccorso at 2025-08-12T22:45:03+02:00
Add new intel-microcode issues
- - - - -
abfc9ff2 by Salvatore Bonaccorso at 2025-08-12T22:56:18+02:00
Process some more NFUs
- - - - -
c349d0ca by Salvatore Bonaccorso at 2025-08-12T23:02:31+02:00
Process more NFUs
- - - - -
624bb35a by Salvatore Bonaccorso at 2025-08-12T23:03:35+02:00
Add intel-microcode
- - - - -
a238542c by Salvatore Bonaccorso at 2025-08-12T23:04:50+02:00
Add one new edk2 issue
- - - - -
9285fe1f by Sylvain Beucler at 2025-08-12T23:54:30+02:00
lts-cve-triage: bookworm is oldstable now
- - - - -
a0f2bd39 by Sylvain Beucler at 2025-08-12T23:54:30+02:00
lts-cve-triage: from_elts: clarify annotation
- - - - -
d58b9ebe by Sylvain Beucler at 2025-08-12T23:54:30+02:00
bin/tracker_data.py: debug help
- - - - -
a007ae67 by Sylvain Beucler at 2025-08-12T23:54:30+02:00
bin/tracker_data.py: properly sort CVEs, as in the web tracker
- - - - -
be0dd31f by Sylvain Beucler at 2025-08-12T23:54:30+02:00
lts-cve-triage: to_forward: annotate non-actionable items
- - - - -
6b141433 by Sylvain Beucler at 2025-08-13T00:02:25+02:00
lts-cve-triage: mark some reports as low-priority
- - - - -
bb605f75 by Ben Hutchings at 2025-08-13T00:12:16+02:00
Reserve DLA-4271-1 for linux-6.1
- - - - -
b89f0186 by Sylvain Beucler at 2025-08-13T00:29:09+02:00
lts-cve-triage: to_forward: link salsa issue tracker
- - - - -
99805892 by Sylvain Beucler at 2025-08-13T00:56:01+02:00
unsupported_packages: new 'supported' state not supported
- - - - -
1f58b16f by Roberto C. Sánchez at 2025-08-12T20:18:46-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
0b225fc6 by Guilhem Moulin at 2025-08-13T03:42:53+02:00
LTS: reclaim luajit and unbound in dla-needed.txt
- - - - -
2cdcf62a by Salvatore Bonaccorso at 2025-08-13T06:53:14+02:00
Add new chromium issues
- - - - -
54cbafb4 by Salvatore Bonaccorso at 2025-08-13T06:56:32+02:00
Add chromium to dsa-needed list
- - - - -
30f940e1 by Salvatore Bonaccorso at 2025-08-13T08:37:02+02:00
Add initial tracking for CVE-2025-8860
- - - - -
ad25931a by Salvatore Bonaccorso at 2025-08-13T08:57:48+02:00
Convert CVE-2025-8672 to NFU
The issue is not directly associated to src:gimp and packages for MacOS
are as well external projects to Gimp itself.
- - - - -
739d1178 by Aron Xu at 2025-08-13T15:03:35+08:00
DSA for pgpool2
- - - - -
4574dc11 by Aron Xu at 2025-08-13T15:17:16+08:00
take libxslt from carnil as discussed
- - - - -
d39dad71 by Sylvain Beucler at 2025-08-13T09:57:49+02:00
lts-cve-triage: typo
- - - - -
ded2c275 by Salvatore Bonaccorso at 2025-08-13T10:04:05+02:00
Mark CVE-2025-7462 as no-dsa
- - - - -
f79087b4 by Aron Xu at 2025-08-13T16:06:43+08:00
Add notes to mitigation of CVE-2025-7425
- - - - -
bd099c03 by security tracker role at 2025-08-13T08:12:10+00:00
automatic update
- - - - -
12e824f2 by security tracker role at 2025-08-13T08:13:07+00:00
automatic NOT-FOR-US entries update
- - - - -
7929d5d6 by Salvatore Bonaccorso at 2025-08-13T10:19:09+02:00
Process some NFUs
- - - - -
a106e195 by Salvatore Bonaccorso at 2025-08-13T10:36:37+02:00
Add CVE-2024-36331/linux
- - - - -
ea0498da by Moritz Muehlenhoff at 2025-08-13T10:42:25+02:00
chromium fixed in sid
- - - - -
f30eca57 by Salvatore Bonaccorso at 2025-08-13T10:53:16+02:00
Add Debian bug reference for intel-microcode issues
- - - - -
4f592382 by Salvatore Bonaccorso at 2025-08-13T10:55:42+02:00
Add CVE-2025-54472/brpc
- - - - -
b5f3507d by Salvatore Bonaccorso at 2025-08-13T10:56:37+02:00
Associate some older CVEs with brpc, itp'ed
- - - - -
82c2c164 by Salvatore Bonaccorso at 2025-08-13T11:32:33+02:00
Mark lxd as removed from unstable
- - - - -
39e2a328 by Moritz Muehlenhoff at 2025-08-13T12:07:37+02:00
trixie triage
- - - - -
fbe1000b by Salvatore Bonaccorso at 2025-08-13T12:34:07+02:00
Reserve DSA number for linux update
- - - - -
739097c3 by Moritz Muehlenhoff at 2025-08-13T13:27:37+02:00
trixie triage
- - - - -
c7a87a0c by Salvatore Bonaccorso at 2025-08-13T14:05:43+02:00
Track fixes for two libxslt issues fixed via unstable
- - - - -
99f5688d by Aron Xu at 2025-08-13T21:58:43+08:00
Track CVE-2015-9019 is fixed in libxslt/1.1.32-1
- - - - -
4eeb46e1 by Moritz Muehlenhoff at 2025-08-13T17:27:50+02:00
trixie triage
- - - - -
aacbcb9e by Moritz Muehlenhoff at 2025-08-13T20:24:55+02:00
bookworm/trixie triage
- - - - -
aa56d1ee by Paride Legovini at 2025-08-13T20:30:25+02:00
Claim sqlite3 in dla-needed.txt
- - - - -
ffc2ae45 by Salvatore Bonaccorso at 2025-08-13T20:34:52+02:00
Track fixed version via unstable for CVE-2023-53156/rust-transpose
- - - - -
75c727bc by Salvatore Bonaccorso at 2025-08-13T20:44:10+02:00
Update references for CVE-2025-7425
The branch names got inverted TTBOMK, swap them.
- - - - -
42018737 by Salvatore Bonaccorso at 2025-08-13T20:53:31+02:00
Add Debian bug reference for CVE-2025-8860/qemu
- - - - -
d487fbf7 by Salvatore Bonaccorso at 2025-08-13T22:09:18+02:00
Add CVE-2025-53859/nginx
- - - - -
9e100029 by security tracker role at 2025-08-13T20:12:15+00:00
automatic update
- - - - -
9c51dbac by security tracker role at 2025-08-13T20:13:13+00:00
automatic NOT-FOR-US entries update
- - - - -
7d01358a by Salvatore Bonaccorso at 2025-08-13T22:14:24+02:00
Update status for CVE-2025-8941
- - - - -
20042661 by Salvatore Bonaccorso at 2025-08-13T22:19:18+02:00
Process some NFUs
- - - - -
48b8773a by Salvatore Bonaccorso at 2025-08-13T22:19:42+02:00
Add CVE-2025-8916/bouncycastle
- - - - -
cec9826a by Salvatore Bonaccorso at 2025-08-13T22:23:59+02:00
Process some NFUs
- - - - -
48f571f7 by Salvatore Bonaccorso at 2025-08-13T22:27:19+02:00
Add CVE-2025-48989/tomcat
- - - - -
530b9d5e by Salvatore Bonaccorso at 2025-08-13T22:30:03+02:00
Initial bootstrap for CVE-2025-8671
Not all projects will be covered under this CVE and will assign / have
assigned own CVEs. So we should be careful to not mix things.
- - - - -
ce91d035 by Salvatore Bonaccorso at 2025-08-13T22:34:36+02:00
Add new gitlab issues
- - - - -
ac9f9874 by Salvatore Bonaccorso at 2025-08-13T22:38:01+02:00
Add CVE-2025-55668/tomcat
- - - - -
2f5babbc by Salvatore Bonaccorso at 2025-08-13T22:44:10+02:00
Add varnish for CVE-2025-8671
- - - - -
908fd6ab by Salvatore Bonaccorso at 2025-08-13T22:48:55+02:00
Add h2o for CVE-2025-8671
- - - - -
7266078d by Chris Lamb at 2025-08-13T13:54:00-07:00
data/dla-needed.txt: Triage intel-microcode for bullseye LTS.
- - - - -
815ba1d4 by Chris Lamb at 2025-08-13T13:54:02-07:00
Triage CVE-2023-53159 in rust-openssl for bullseye LTS.
- - - - -
db2ff788 by Chris Lamb at 2025-08-13T13:54:03-07:00
Triage CVE-2025-7039 in glib2.0 for bullseye LTS.
- - - - -
202f321b by Chris Lamb at 2025-08-13T13:54:05-07:00
Triage CVE-2024-38805 in edk2 for bullseye LTS.
- - - - -
68356f44 by Chris Lamb at 2025-08-13T13:54:06-07:00
data/dla-needed.txt: Triage lemonldap-ng for bullseye LTS (CVE-2024-52948)
- - - - -
67d74de0 by Salvatore Bonaccorso at 2025-08-13T22:56:28+02:00
Add CVE-2025-55163/netty
- - - - -
01e8ceb9 by Salvatore Bonaccorso at 2025-08-14T06:07:05+02:00
Add initial tracking for new imagemagick issues
- - - - -
5b0c4a33 by Salvatore Bonaccorso at 2025-08-14T07:29:51+02:00
Process some NFUs
- - - - -
4212270d by Salvatore Bonaccorso at 2025-08-14T07:36:09+02:00
Process some NFUs
- - - - -
aab03f4c by Salvatore Bonaccorso at 2025-08-14T07:36:44+02:00
Track more gitlab CVEs
- - - - -
0554f794 by Salvatore Bonaccorso at 2025-08-14T07:57:12+02:00
Mark CVE-2025-8197 as rejected
- - - - -
53b1b31f by Salvatore Bonaccorso at 2025-08-14T08:27:35+02:00
Annotate git entry to clarify for proposed update
- - - - -
aaee3698 by Andres Salomon at 2025-08-14T03:12:48-04:00
chromium dsa
- - - - -
96cc0548 by Salvatore Bonaccorso at 2025-08-14T09:32:02+02:00
Track fix via experimental for CVE-2025-8860
- - - - -
8cb99b8f by Salvatore Bonaccorso at 2025-08-14T09:35:03+02:00
Update status for CVE-2025-8860/qemu
- - - - -
6548ecac by security tracker role at 2025-08-14T08:12:07+00:00
automatic update
- - - - -
b53da362 by security tracker role at 2025-08-14T08:13:06+00:00
automatic NOT-FOR-US entries update
- - - - -
0a810df3 by Moritz Muehlenhoff at 2025-08-14T10:14:04+02:00
varnish fixed in sid
- - - - -
65d5aaef by Salvatore Bonaccorso at 2025-08-14T10:17:20+02:00
Process some NFUs
- - - - -
fda1ea4d by Moritz Muehlenhoff at 2025-08-14T10:23:43+02:00
add note on libxml2 mitigation
- - - - -
18e8913d by Salvatore Bonaccorso at 2025-08-14T10:25:57+02:00
auto-nfu: Add CNA based rule for Netskope
The scope of the CNA is for "All Netskope products and services."
Currently we have as well:
Total CVEs from Netskope: 11
Total CVEs from Netskope with packages assigned: 0
It should be safe to mark those as NFU.
- - - - -
94d76618 by Salvatore Bonaccorso at 2025-08-14T10:28:11+02:00
Fix typo in key for Netskope rule
- - - - -
548ff8b2 by Salvatore Bonaccorso at 2025-08-14T10:30:48+02:00
Process some NFUs
- - - - -
9090ca84 by Salvatore Bonaccorso at 2025-08-14T11:01:12+02:00
Two CVEs for helm-kubernetes, itp'ed
- - - - -
b13c7302 by Salvatore Bonaccorso at 2025-08-14T11:01:43+02:00
Add CVE-2025-55193/rails
- - - - -
512d0d0f by Salvatore Bonaccorso at 2025-08-14T11:02:07+02:00
Process some NFUs
- - - - -
9c0d226f by Salvatore Bonaccorso at 2025-08-14T16:06:41+02:00
Add Debian bug reference for CVE-2025-55188/7zip
- - - - -
fa171739 by Salvatore Bonaccorso at 2025-08-14T16:09:48+02:00
Add two new aide issues
- - - - -
c71d9b3b by Salvatore Bonaccorso at 2025-08-14T16:12:24+02:00
Add commit references for CVE-2025-54409 and CVE-2025-54389
- - - - -
26501424 by Salvatore Bonaccorso at 2025-08-14T16:22:11+02:00
Reserve DSA number for aide update
- - - - -
974391e2 by Thorsten Alteholz at 2025-08-14T16:25:26+02:00
Reserve DLA-4272-1 for aide
- - - - -
e1f0dc9c by Salvatore Bonaccorso at 2025-08-14T16:39:25+02:00
Add new postgresql issues
- - - - -
27e36680 by Salvatore Bonaccorso at 2025-08-14T16:41:37+02:00
Track proposed update for postgresql via {bookworm,trixie}-pu
- - - - -
cc60bb14 by Moritz Muehlenhoff at 2025-08-14T17:14:03+02:00
trixie triage
- - - - -
400f2000 by Moritz Muehlenhoff at 2025-08-14T17:15:01+02:00
auto-nfu: Update Apache rule
- - - - -
25ef56f0 by Chris Lamb at 2025-08-14T09:33:54-07:00
Reserve DLA-4273-1 for postgresql-13
- - - - -
c2551b18 by Salvatore Bonaccorso at 2025-08-14T19:20:52+02:00
Add Debian bug references for tomcat issues
- - - - -
94b392b4 by Chris Lamb at 2025-08-14T12:29:37-07:00
data/dla-needed.txt: Triage netty for bullseye LTS (CVE-2025-55163)
- - - - -
98d7c206 by security tracker role at 2025-08-14T20:12:50+00:00
automatic update
- - - - -
1f4fa965 by security tracker role at 2025-08-14T20:14:07+00:00
automatic NOT-FOR-US entries update
- - - - -
04d9f7f4 by Salvatore Bonaccorso at 2025-08-14T22:56:14+02:00
Add Debian bug reference for CVE-2024-38805/edk2
- - - - -
37847734 by Salvatore Bonaccorso at 2025-08-14T22:58:03+02:00
Add Debian bug references for imagemagick issues
- - - - -
826dbe42 by Salvatore Bonaccorso at 2025-08-14T23:01:29+02:00
Add Debian bug reference for CVE-2025-55193/rails
- - - - -
3d143fdd by Salvatore Bonaccorso at 2025-08-14T23:03:08+02:00
Add Debian bug reference for CVE-2025-55163/netty
- - - - -
b826b9f7 by Salvatore Bonaccorso at 2025-08-14T23:06:37+02:00
Track fixed version for two aide issues via unstable
- - - - -
ae6ba15a by Salvatore Bonaccorso at 2025-08-14T23:09:06+02:00
Add GHSA references for aide issues
- - - - -
f7b4528e by Salvatore Bonaccorso at 2025-08-14T23:28:37+02:00
Process some NFUs
- - - - -
fd1d7a84 by Salvatore Bonaccorso at 2025-08-14T23:39:53+02:00
Add CVE-2025-55197/pypdf
- - - - -
f4c3c871 by Salvatore Bonaccorso at 2025-08-14T23:47:41+02:00
Mark CVE-2025-50340 as unimportant
- - - - -
2fed26b4 by Salvatore Bonaccorso at 2025-08-14T23:51:02+02:00
Add commit references for CVE-2024-3536{7,8}/ffmpeg in 5.1.y branch
- - - - -
fe5e3170 by Salvatore Bonaccorso at 2025-08-14T23:55:58+02:00
Add lighttpd for CVE-2025-8671
- - - - -
afea1744 by Salvatore Bonaccorso at 2025-08-15T06:05:19+02:00
Add Debian bug reference for CVE-2025-53859/nginx
- - - - -
6c061720 by Salvatore Bonaccorso at 2025-08-15T06:15:37+02:00
Add Debian bug reference for pypdf issue
- - - - -
02cd63b2 by Salvatore Bonaccorso at 2025-08-15T06:40:10+02:00
Add Debian bug reference for CVE-2025-8671/lighttpd
- - - - -
cc709782 by Moritz Muehlenhoff at 2025-08-15T09:59:33+02:00
bookworm/trixie triage
- - - - -
4c1156af by security tracker role at 2025-08-15T08:12:38+00:00
automatic update
- - - - -
0501dcff by security tracker role at 2025-08-15T08:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
834b0290 by Salvatore Bonaccorso at 2025-08-15T10:16:15+02:00
Add CVE-2025-8961/tiff
- - - - -
145b01a8 by Salvatore Bonaccorso at 2025-08-15T10:20:47+02:00
Process some NFUs
- - - - -
912d9498 by Salvatore Bonaccorso at 2025-08-15T10:21:11+02:00
Add CVE-2025-9019/tcpreplay
- - - - -
267fe826 by Moritz Muehlenhoff at 2025-08-15T11:03:35+02:00
ffmpeg triage
- - - - -
71027e9e by Moritz Muehlenhoff at 2025-08-15T11:18:06+02:00
ffmpeg triage
- - - - -
dcc1dbe0 by Moritz Muehlenhoff at 2025-08-15T12:14:03+02:00
mark haproxy n/a for madeyoureset
- - - - -
6d23b884 by Moritz Muehlenhoff at 2025-08-15T12:42:18+02:00
new python-future issue
- - - - -
fd2bc105 by Andrej Shadura at 2025-08-15T13:39:46+02:00
Claim mbedtls
- - - - -
f519e8de by Moritz Mühlenhoff at 2025-08-15T13:56:01+02:00
git spu
- - - - -
3c0acad2 by Moritz Muehlenhoff at 2025-08-15T15:46:50+02:00
trixie triage
- - - - -
b2dee613 by Moritz Muehlenhoff at 2025-08-15T16:37:36+02:00
auto-nfu: Add initial rule for Intel
- - - - -
1fa0131e by Moritz Muehlenhoff at 2025-08-15T16:44:49+02:00
auto-nfu: Update Cisco rule
- - - - -
2ccece8b by Moritz Muehlenhoff at 2025-08-15T16:50:53+02:00
auto-nfu: Update NVIDIA rule
- - - - -
9f3f746c by Moritz Muehlenhoff at 2025-08-15T17:01:55+02:00
auto-nfu: Update Intel rule
- - - - -
cc8081e3 by Salvatore Bonaccorso at 2025-08-15T20:06:20+02:00
Slightly reorder packages for CVE-2025-8671
As this will get more entries over time still, order it at least a bit
to not lose overview (samewise in notes for clarity when tracking
explicit references).
- - - - -
f5e6e52a by Salvatore Bonaccorso at 2025-08-15T20:07:57+02:00
Remove git from dsa-needed, will be fixed in next point releases
- - - - -
a588ca12 by Salvatore Bonaccorso at 2025-08-15T20:09:47+02:00
Mark now git as no-dsa for trixie and bookworm
- - - - -
3e8b86c7 by Salvatore Bonaccorso at 2025-08-15T20:26:28+02:00
Process some NFUs
- - - - -
cf5f0bcf by Salvatore Bonaccorso at 2025-08-15T21:21:53+02:00
Process some NFUs
- - - - -
16b9022a by Salvatore Bonaccorso at 2025-08-15T21:25:15+02:00
Add CVE-2025-50518/libcoap3
- - - - -
59c27aba by Salvatore Bonaccorso at 2025-08-15T21:45:52+02:00
Update status for CVE-2025-8671 and lighttpd
- - - - -
036ed05b by security tracker role at 2025-08-15T20:12:13+00:00
automatic update
- - - - -
44cdac9a by security tracker role at 2025-08-15T20:13:04+00:00
automatic NOT-FOR-US entries update
- - - - -
59429b48 by Bastien Roucariès at 2025-08-15T22:21:04+02:00
dla-needed/ceph
Add status information
- - - - -
b52214e3 by Salvatore Bonaccorso at 2025-08-15T22:24:26+02:00
Process some NFUs
- - - - -
2964fc47 by Salvatore Bonaccorso at 2025-08-15T22:35:57+02:00
Process some more NFUs
- - - - -
033301d0 by Bastien Roucariès at 2025-08-15T22:44:35+02:00
CVE-2025-50200/rabbitmq-server
According to bug fix this is introduced by 383ddb1
Use correct version and mark older version not affected
- - - - -
9a2e2367 by Salvatore Bonaccorso at 2025-08-15T22:52:36+02:00
Add CVE-2025-24975/firebird4.0
- - - - -
a1cc76ac by Salvatore Bonaccorso at 2025-08-15T22:55:16+02:00
Mark CVE-2023-5342 as NFU
- - - - -
1c8d9afd by Salvatore Bonaccorso at 2025-08-15T22:57:44+02:00
Add CVE-2025-54989/firebird
- - - - -
34dbfe00 by Bastien Roucariès at 2025-08-15T23:06:09+02:00
(CVE-2025-54574|CVE-2023-5824)/squid
According to patches from other distributions, the commit fixing CVE-2025-54574
is the same as the fix needed for CVE-2023-5824.
- - - - -
4cefb481 by Bastien Roucariès at 2025-08-15T23:09:59+02:00
dla-needed/squid
- - - - -
cc4b183c by Salvatore Bonaccorso at 2025-08-15T23:31:39+02:00
Process some more NFUs
- - - - -
2484e59d by Salvatore Bonaccorso at 2025-08-16T08:03:09+02:00
Add CVE-2025-38501/linux
- - - - -
1fed9969 by Salvatore Bonaccorso at 2025-08-16T08:07:16+02:00
Add fixed version for CVE-2025-7207/mruby via unstable
We need to add 3.4.0-2 here as only the followup did enable the patch in
debian/patches/series and so applying the fix to the source.
- - - - -
5e93321f by Salvatore Bonaccorso at 2025-08-16T08:52:53+02:00
Annotate introducing commits for CVE-2025-50200
- - - - -
ff2095f8 by Salvatore Bonaccorso at 2025-08-16T08:54:15+02:00
Update status for CVE-2025-24975
- - - - -
de57e61e by Salvatore Bonaccorso at 2025-08-16T09:01:06+02:00
Clarify upstream commits for CVE-2023-5824
- - - - -
3a17ec25 by Salvatore Bonaccorso at 2025-08-16T09:23:37+02:00
Mark mysql-workbench as removed from every suite supported in the archive
- - - - -
b3f6374f by security tracker role at 2025-08-16T08:12:15+00:00
automatic update
- - - - -
d083937e by security tracker role at 2025-08-16T08:13:12+00:00
automatic NOT-FOR-US entries update
- - - - -
bcd0d228 by Salvatore Bonaccorso at 2025-08-16T10:15:54+02:00
Add CVE-2025-8959/golang-github-hashicorp-go-getter
- - - - -
08b86998 by Salvatore Bonaccorso at 2025-08-16T10:16:35+02:00
Process some NFUs
- - - - -
75c8b59d by Salvatore Bonaccorso at 2025-08-16T10:36:21+02:00
Process one more NFU
- - - - -
550a8389 by Salvatore Bonaccorso at 2025-08-16T13:38:01+02:00
Add CVE-2025-38502
- - - - -
bb8a360d by Salvatore Bonaccorso at 2025-08-16T13:47:59+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1caeea21 by Salvatore Bonaccorso at 2025-08-16T14:20:11+02:00
Merge Linux CVEs from kernel-sec
- - - - -
47eca0af by Salvatore Bonaccorso at 2025-08-16T14:45:11+02:00
Merge Linux CVEs from kernel-sec
- - - - -
3a35b717 by Salvatore Bonaccorso at 2025-08-16T14:55:49+02:00
Merge Linux CVEs from kernel-sec
- - - - -
5d19e883 by Salvatore Bonaccorso at 2025-08-16T16:19:23+02:00
Add CVE-2023-32246/linux
- - - - -
542ea1f9 by Salvatore Bonaccorso at 2025-08-16T16:34:08+02:00
Merge Linux CVEs from kernel-sec
- - - - -
491d473f by Salvatore Bonaccorso at 2025-08-16T17:16:14+02:00
Track fix via experimental for CVE-2025-53859/nginx via experimental
- - - - -
27cc478a by Chris Lamb at 2025-08-16T09:59:45-07:00
dla-needed.txt: Update note for mupdf.
- - - - -
98bd73ce by Salvatore Bonaccorso at 2025-08-16T19:32:33+02:00
Clarify status for CVE-2025-25724
- - - - -
e51fdb47 by Salvatore Bonaccorso at 2025-08-16T20:38:41+02:00
Record regression fix for CVE-2025-5918
- - - - -
2d50b929 by Salvatore Bonaccorso at 2025-08-16T21:03:55+02:00
Update status for CVE-2025-9019 and add Debian bug reference
- - - - -
2a0c3dcb by Salvatore Bonaccorso at 2025-08-16T21:05:02+02:00
Add Debian bug reference for CVE-2025-8959/golang-github-hashicorp-go-getter
- - - - -
18566212 by Salvatore Bonaccorso at 2025-08-16T21:05:34+02:00
Add Debian bug reference for CVE-2025-8961/tiff
- - - - -
cd2095c1 by Salvatore Bonaccorso at 2025-08-16T21:14:24+02:00
Add Debian bug references for firebird issues
- - - - -
f3beae98 by Salvatore Bonaccorso at 2025-08-16T21:16:43+02:00
Add Debian bug reference for CVE-2024-13978/tiff
- - - - -
c51d22fb by security tracker role at 2025-08-16T20:12:20+00:00
automatic update
- - - - -
ddb9a88b by security tracker role at 2025-08-16T20:13:15+00:00
automatic NOT-FOR-US entries update
- - - - -
4ee2f2ef by Salvatore Bonaccorso at 2025-08-17T06:55:07+02:00
Mark CVE-2025-9092 as NFU
- - - - -
bafa5a15 by security tracker role at 2025-08-17T08:11:55+00:00
automatic update
- - - - -
7ac3c588 by security tracker role at 2025-08-17T08:12:49+00:00
automatic NOT-FOR-US entries update
- - - - -
c7ced93b by Moritz Muehlenhoff at 2025-08-17T13:22:44+02:00
mark tar as non issue
- - - - -
905d8e38 by Salvatore Bonaccorso at 2025-08-17T16:10:40+02:00
Track proposed update for nvidia-graphics-drivers via bookworm
- - - - -
74bff48a by Salvatore Bonaccorso at 2025-08-17T16:42:22+02:00
Mention that Bastien Roucariès works on bookworm updates for squid
- - - - -
66bd9a82 by Moritz Muehlenhoff at 2025-08-17T18:00:12+02:00
trixie triage
- - - - -
072c8855 by Salvatore Bonaccorso at 2025-08-17T21:22:38+02:00
Track fixed version for CVE-2025-54989/firebird3.0 via unstable
- - - - -
4d8801a8 by Salvatore Bonaccorso at 2025-08-17T21:25:27+02:00
Track fixes via experimental for cpp-httplib issues
- - - - -
491ad417 by Paride Legovini at 2025-08-17T23:19:18+02:00
dla/sqlite3: update notes
- - - - -
97d3c7f6 by Paride Legovini at 2025-08-18T00:26:20+02:00
lts: CVE-2025-43967/sqlite3: mark as not-affected in bullseye
The CVE mentions 3.39.2 as the first affected version, but I can only be
sure the problematic code got introduced in or after 3.39.0. To err on
the side of caution I'm mentioning 3.39.0 as the first affected version.
The Ubuntu security team reached similar conclusions [1].
[1] https://ubuntu.com/security/CVE-2025-7458#notes
- - - - -
81e282d4 by Chris Lamb at 2025-08-17T15:40:39-07:00
Triage CVE-2025-9019 in tcpreplay for bullseye LTS.
- - - - -
643b76fb by Salvatore Bonaccorso at 2025-08-18T05:22:31+02:00
Track fix via unstable for CVE-2025-53537/libhtp
- - - - -
be8cab0e by Salvatore Bonaccorso at 2025-08-18T05:24:24+02:00
Track fixed version for two firebird4.0 issues fixed via unstable
- - - - -
01bec80c by Abhijith PA at 2025-08-18T10:15:16+05:30
update note in dla-needed.txt
- - - - -
274633c1 by Aron Xu at 2025-08-18T14:50:52+08:00
Revert "Track CVE-2015-9019 is fixed in libxslt/1.1.32-1"
This reverts commit 99f5688d5584e5c7f619d291724d59bf94768cdb.
- - - - -
9b87689d by Paride Legovini at 2025-08-18T09:28:54+02:00
dla-needed: remove sqlite3
CVE-2025-43967 does not affect bullseye, see 97d3c7f6c4bae.
There are no other CVEs for the package.
- - - - -
b36c0d7f by security tracker role at 2025-08-18T08:12:07+00:00
automatic update
- - - - -
f874726d by security tracker role at 2025-08-18T08:13:01+00:00
automatic NOT-FOR-US entries update
- - - - -
0d5bf2b8 by Salvatore Bonaccorso at 2025-08-18T10:55:02+02:00
Process some NFUs
- - - - -
5f8b48d8 by Salvatore Bonaccorso at 2025-08-18T10:58:54+02:00
Process more NFUs
- - - - -
81aacecc by Salvatore Bonaccorso at 2025-08-18T11:22:05+02:00
Process one more NFU
- - - - -
e1b2db3d by Moritz Muehlenhoff at 2025-08-18T12:22:23+02:00
trixie triage
- - - - -
72c64749 by Salvatore Bonaccorso at 2025-08-18T13:34:01+02:00
Track proposed update for glib2.0 via trixie-pu
- - - - -
aba5fc59 by Adrian Bunk at 2025-08-18T14:40:03+03:00
.gitignore: Also ignore ELA-* in ELTS
- - - - -
42d84ed5 by Salvatore Bonaccorso at 2025-08-18T14:40:56+02:00
Track proposed update for CVE-2025-54874/openjpeg2
- - - - -
c851c58a by Salvatore Bonaccorso at 2025-08-18T14:42:03+02:00
Track proposed update for node-tmp via CVE-2025-54798/node-tmp
- - - - -
7964dd9e by Salvatore Bonaccorso at 2025-08-18T14:43:29+02:00
Track proposed update for node-tmp via bookworm-pu
- - - - -
62e5163f by Salvatore Bonaccorso at 2025-08-18T15:41:54+02:00
Update status for CVE-2025-21988/linux
- - - - -
8de24ac5 by Salvatore Bonaccorso at 2025-08-18T17:27:33+02:00
Update status for CVE-2024-47081/requests
- - - - -
305b14e5 by Roberto C. Sánchez at 2025-08-18T11:45:05-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
ec0408e8 by Emilio Pozuelo Monfort at 2025-08-18T18:50:23+02:00
lts: reclaim webkit2gtk
- - - - -
565dc57d by Salvatore Bonaccorso at 2025-08-18T18:54:10+02:00
Revert ".gitignore: Also ignore ELA-* in ELTS"
This reverts commit aba5fc59ab001ed861799acd306bff5cded6f306.
Revert this as this is an ELTS tracker specific ignore which is outside
of the security-tracker instance scope. To help with external trackers
the next commit will make the ignore for the generated advisory files
and the signed advisory file more generic.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
a4236565 by Alberto Garcia at 2025-08-18T18:58:12+02:00
webkit2gtk DSA-5978-1
- - - - -
85ed470b by Andrej Shadura at 2025-08-18T19:24:20+02:00
Reserve DLA-4274-1 for mbedtls
- - - - -
abad8827 by Adrian Bunk at 2025-08-18T20:39:28+03:00
dla: take ruby-saml
- - - - -
a11d2d29 by Salvatore Bonaccorso at 2025-08-18T20:47:45+02:00
Add commit to fixing commit for CVE-2025-50200
- - - - -
e605cab0 by Salvatore Bonaccorso at 2025-08-18T20:49:08+02:00
Track fixed version via unstable for CVE-2025-50200/rabbitmq-server
- - - - -
d93f2d19 by security tracker role at 2025-08-18T20:12:07+00:00
automatic update
- - - - -
a1c15fed by security tracker role at 2025-08-18T20:12:58+00:00
automatic NOT-FOR-US entries update
- - - - -
8412be6c by Salvatore Bonaccorso at 2025-08-18T22:21:31+02:00
Add CVE-2025-55291/shaarli
- - - - -
52d6179a by Salvatore Bonaccorso at 2025-08-18T22:22:11+02:00
Process some NFUs
- - - - -
616d157a by Moritz Muehlenhoff at 2025-08-18T22:34:30+02:00
add p0 reference
- - - - -
57959370 by Salvatore Bonaccorso at 2025-08-18T22:36:53+02:00
Process some NFUs
- - - - -
18cac0e1 by Moritz Muehlenhoff at 2025-08-19T07:26:42+02:00
add rsync references
- - - - -
c1eafa36 by Moritz Muehlenhoff at 2025-08-19T08:31:48+02:00
new spring issue
- - - - -
419226af by Moritz Muehlenhoff at 2025-08-19T08:34:02+02:00
new ognl issue (concludes external check)
- - - - -
d970eef0 by Aron Xu at 2025-08-19T14:39:42+08:00
DSA for libxslt
- - - - -
aa39512d by Salvatore Bonaccorso at 2025-08-19T09:08:08+02:00
Merge Linux CVE changes from kernel-sec
- - - - -
d935b79e by Salvatore Bonaccorso at 2025-08-19T09:11:21+02:00
Add CVE-2025-38553/linux
- - - - -
77fa4d74 by Emilio Pozuelo Monfort at 2025-08-19T10:02:28+02:00
Reserve DLA-4275-1 for openjdk-17
- - - - -
e468c42c by security tracker role at 2025-08-19T08:12:24+00:00
automatic update
- - - - -
c9ccc015 by security tracker role at 2025-08-19T08:13:30+00:00
automatic NOT-FOR-US entries update
- - - - -
dbf46bd0 by Moritz Muehlenhoff at 2025-08-19T10:34:19+02:00
one cpp-httplib issue n/a for bookworm/trixie
- - - - -
d6fbedcf by Moritz Muehlenhoff at 2025-08-19T10:36:07+02:00
NFUs
- - - - -
88084d8a by Moritz Muehlenhoff at 2025-08-19T10:56:16+02:00
imagemagick fixed in sid
- - - - -
f8b40f1f by Moritz Muehlenhoff at 2025-08-19T11:09:35+02:00
imagemagick triage
- - - - -
63499f86 by Moritz Muehlenhoff at 2025-08-19T11:18:43+02:00
two additional imagemagick CVEs
- - - - -
67f4d5a5 by Moritz Muehlenhoff at 2025-08-19T11:43:32+02:00
binutils fixed in sid
- - - - -
3e5d3629 by Moritz Muehlenhoff at 2025-08-19T12:58:48+02:00
more binutils fixes in sid
- - - - -
3202de74 by Moritz Muehlenhoff at 2025-08-19T13:14:20+02:00
add reference to one linux issue
- - - - -
f5959785 by Moritz Muehlenhoff at 2025-08-19T15:26:03+02:00
trixie triage
- - - - -
80ae911d by Salvatore Bonaccorso at 2025-08-19T17:28:24+02:00
Update status for CVE-2023-52927/linux
- - - - -
ae7d3605 by Salvatore Bonaccorso at 2025-08-19T17:30:18+02:00
Update reference for CVE-2025-41242
- - - - -
e8bfff07 by Salvatore Bonaccorso at 2025-08-19T17:33:07+02:00
Add list reference for CVE-2025-53192
- - - - -
51544f5b by Salvatore Bonaccorso at 2025-08-19T17:35:43+02:00
Update status for CVE-2025-52887 as there was no vulnerable version in unstable
- - - - -
c8e6df49 by Daniel Leidert at 2025-08-19T17:38:31+02:00
LTS: claim libcommons-lang3-java in dla-needed.txt
- - - - -
93c31327 by Salvatore Bonaccorso at 2025-08-19T17:45:10+02:00
Move tag information to commit reference
- - - - -
25fc9e0a by Salvatore Bonaccorso at 2025-08-19T17:49:06+02:00
Add (upcoming) GHSA references for imagemagick issues
- - - - -
c700cd04 by Salvatore Bonaccorso at 2025-08-19T19:03:21+02:00
Update status for CVE-2025-8224
The fix for CVE-2025-8224 was picked earlier with an unstable upload
apparently in
binutils (2.43.1-4) unstable; urgency=medium
* New upstream snapshot, taken from the 2.43 branch.
- Fix PR32109, aborting at bfd/bfd.c:1236 in int _bfd_doprnt
- - - - -
4a008417 by Salvatore Bonaccorso at 2025-08-19T20:58:01+02:00
Add Debian bug references for imagemagick issues
- - - - -
23e3c842 by Salvatore Bonaccorso at 2025-08-19T21:06:48+02:00
Add Debian bug reference for CVE-2025-53192/ognl
- - - - -
1583c4fc by Salvatore Bonaccorso at 2025-08-19T21:13:59+02:00
Add Debian bug reference for CVE-2025-55291/shaarli
- - - - -
daf4950e by Salvatore Bonaccorso at 2025-08-19T21:16:28+02:00
Add new batch of Linux CVEs
- - - - -
aa2f37cb by Moritz Muehlenhoff at 2025-08-19T21:40:44+02:00
trixie triage
- - - - -
4289cb73 by security tracker role at 2025-08-19T20:12:47+00:00
automatic update
- - - - -
62ee47b7 by security tracker role at 2025-08-19T20:14:25+00:00
automatic NOT-FOR-US entries update
- - - - -
3180a248 by Salvatore Bonaccorso at 2025-08-19T22:22:43+02:00
Add CVE-2025-9165/tiff
- - - - -
7600235b by Salvatore Bonaccorso at 2025-08-19T22:23:34+02:00
Add CVE-2025-9157/tcpreplay
- - - - -
dfc34258 by Salvatore Bonaccorso at 2025-08-19T22:39:48+02:00
Process some NFUs
- - - - -
62848ebd by Salvatore Bonaccorso at 2025-08-19T22:40:20+02:00
Add CVE-2025-9136/retroarch
- - - - -
869ace1c by Salvatore Bonaccorso at 2025-08-19T22:41:05+02:00
Add two new issues in node-mermaid
- - - - -
f956c0bd by Salvatore Bonaccorso at 2025-08-19T22:46:43+02:00
Process some NFUs
- - - - -
7a4ac73c by Salvatore Bonaccorso at 2025-08-19T22:47:38+02:00
Add CVE-2024-45062/ippusbxd
- - - - -
30157661 by Moritz Muehlenhoff at 2025-08-19T23:12:25+02:00
new chromium issue
- - - - -
cbad97c5 by Moritz Muehlenhoff at 2025-08-19T23:14:51+02:00
new firefox-esr issues
- - - - -
764a16db by Moritz Muehlenhoff at 2025-08-19T23:18:07+02:00
new firefox issues
- - - - -
29be5044 by Moritz Muehlenhoff at 2025-08-19T23:19:45+02:00
new thunderbird issues
- - - - -
f20271a1 by Moritz Muehlenhoff at 2025-08-19T23:22:07+02:00
NFUs
- - - - -
edaaa225 by Moritz Muehlenhoff at 2025-08-19T23:29:33+02:00
auto-nfu: Add CNA rule for Lexmark
Total CVEs from Lexmark: 15
Total CVEs from Lexmark with packages assigned: 0
Scope: Lexmark products only.
- - - - -
1abcd2b3 by Salvatore Bonaccorso at 2025-08-20T05:42:50+02:00
Track fixed version for firefox-esr via unstable for mfsa2025-66
- - - - -
5bdc5177 by Daniel Leidert at 2025-08-20T06:31:47+02:00
Triage CVE-2025-8747
- - - - -
81584ee4 by Daniel Leidert at 2025-08-20T06:31:49+02:00
Add some information for CVE-2024-55459
- - - - -
82fc60f3 by Daniel Leidert at 2025-08-20T06:31:50+02:00
Mark CVE-2024-3660 affecting keras as well
The bug is in keras.
- - - - -
30d4bb09 by Salvatore Bonaccorso at 2025-08-20T07:48:37+02:00
Remove association for tensorflow, itp'ed in CVE-2024-3660
As correctly triaged the issue looks in src:keras.
- - - - -
4eae20f3 by Salvatore Bonaccorso at 2025-08-20T07:52:09+02:00
Update associations for CVE-2025-8747 and CVE-2025-1550
- - - - -
6cd18d32 by Salvatore Bonaccorso at 2025-08-20T07:56:45+02:00
Update status for CVE-2025-1550
No version up to the removed version in unstable (2.3.1+dfsg2-1)
contained the vulnerable code and got introduced upstream later.
- - - - -
ae0a279e by Moritz Muehlenhoff at 2025-08-20T08:32:20+02:00
new keycloak issue
- - - - -
70d7a9ce by Salvatore Bonaccorso at 2025-08-20T08:42:52+02:00
Add Debian bug reference for CVE-2025-9136/retroarch
- - - - -
b07695be by Abhijith PA at 2025-08-20T12:19:00+05:30
Marking CVE-2023-28999 as ignored for Bullseye.
e2ee issue including its new features which have around 34 files
changes are very intrusive to backport.
- - - - -
444c1340 by Abhijith PA at 2025-08-20T12:22:14+05:30
Marking CVE-2022-41882 as <not-affected> for Bullseye.
Issue is part of a feature called "local edit" which introduced
around v3.6.
https://github.com/nextcloud/desktop/pull/4771
- - - - -
274ba77d by Moritz Mühlenhoff at 2025-08-20T09:05:15+02:00
glib2.0 ospu
- - - - -
0843fe98 by Emilio Pozuelo Monfort at 2025-08-20T09:54:13+02:00
Reserve DLA-4276-1 for webkit2gtk
- - - - -
6eba509b by Emilio Pozuelo Monfort at 2025-08-20T10:02:09+02:00
lts: take firefox-esr
- - - - -
76fd4960 by security tracker role at 2025-08-20T08:12:55+00:00
automatic update
- - - - -
7ce48937 by security tracker role at 2025-08-20T08:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
b18eda89 by Salvatore Bonaccorso at 2025-08-20T10:42:51+02:00
Process some NFUs
- - - - -
a4824660 by Salvatore Bonaccorso at 2025-08-20T10:57:54+02:00
Add CVE-2025-8364 from mfsa2025-56
- - - - -
728ba6e6 by Salvatore Bonaccorso at 2025-08-20T10:59:41+02:00
Process some NFUs
- - - - -
48227ab4 by Abhijith PA at 2025-08-20T14:33:28+05:30
Mark CVE-2023-23942 as ignored for Bullseye.
upstream introduced a new property 'EnforcedPlainTextLabel' and
replaced every 'Label' property with it.
Once CVE-2022-39331 fixed, this issue will be partially fixed.
- - - - -
b237407b by Salvatore Bonaccorso at 2025-08-20T11:16:08+02:00
Add two new knack issues
- - - - -
e10fe13e by Bastien Roucariès at 2025-08-20T12:53:19+02:00
dla-needed/rabbitmq
CVE-2025-50200 is fixed so remove
- - - - -
c0ef282e by Bastien Roucariès at 2025-08-20T13:11:23+02:00
dla-needed/netty
Take netty
- - - - -
49501b02 by Jochen Sprickerhof at 2025-08-20T13:34:21+02:00
LTS: claim libxslt in dla-needed.txt
- - - - -
4a19c100 by "Lee Garrett" at 2025-08-20T14:40:20+02:00
LTS: claim git in dla-needed.txt
- - - - -
29925409 by Salvatore Bonaccorso at 2025-08-20T16:53:14+02:00
Remove one rejected CVE
- - - - -
018a6f36 by Salvatore Bonaccorso at 2025-08-20T18:07:11+02:00
gitignore: Generalize catching advisory files generated by gen-IDMODE
The security-tracker code covers DSAs and DLAs but supports as well
setting up extended instances.
Files for advisories are generated with the gen-DSA script. When calling
in the DSA IDMODE a file DSA-\d+-\d+ will be generated. When generating
a link gen-MYSA to gen-DSA the IDMODE is MYSA, and a MYSA-\d+-\d+ is
generated. This covers the DLAs and as well advisories for extended
instances.
To help ignore advisories (and signed advisories) run by an external
instance, make the ignore slightly more generic, but still try to catch
beginning with any alphabetic character, an advisory number and an
iteration of the advisory.
While this is still not a perfect solution it should help with
advisories generated in extended instances.
Co-developed-by: Santiago Ruano Rincón <santiago at freexian.com>
Link: https://security-team.debian.org/security_tracker.html#setting-up-an-extended-instance
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
1719ee1b by Salvatore Bonaccorso at 2025-08-20T18:15:03+02:00
Track proposed waitress update via bookworm-pu
- - - - -
f6651546 by Moritz Mühlenhoff at 2025-08-20T20:37:08+02:00
firefox-esr DSA
- - - - -
e83b8884 by Moritz Muehlenhoff at 2025-08-20T20:48:21+02:00
bookworm/trixie triage
- - - - -
da0010b1 by security tracker role at 2025-08-20T20:13:46+00:00
automatic update
- - - - -
5c7b7d3f by security tracker role at 2025-08-20T20:16:01+00:00
automatic NOT-FOR-US entries update
- - - - -
f9438ba3 by Salvatore Bonaccorso at 2025-08-20T22:27:44+02:00
Process some NFUs
- - - - -
1bd93d41 by Salvatore Bonaccorso at 2025-08-20T22:37:40+02:00
Add new issues for intellij-idea, itp'ed
- - - - -
a2c2ed55 by Salvatore Bonaccorso at 2025-08-20T22:38:25+02:00
Process some NFUs
- - - - -
5f25c840 by Salvatore Bonaccorso at 2025-08-20T22:39:50+02:00
Merge branch 'advisory-template-ignore'
- - - - -
09da250f by Moritz Muehlenhoff at 2025-08-20T22:50:29+02:00
new tika issue
- - - - -
978809cc by Moritz Muehlenhoff at 2025-08-20T23:28:28+02:00
trixie triage
- - - - -
697eb5b6 by Daniel Leidert at 2025-08-21T04:02:48+02:00
Triage CVE-2025-47806, CVE-2025-47807, and CVE-2025-47808 in gst-plugins-base1.0 for Bullseye
- - - - -
d6c681ce by Daniel Leidert at 2025-08-21T04:40:02+02:00
Triage CVE-2025-47183 and CVE-2025-47219 in gst-plugins-good1.0 for Bullseye
- - - - -
e547ad9f by Daniel Leidert at 2025-08-21T04:51:24+02:00
Add note for intel-microcode
- - - - -
c6f70ff3 by Daniel Leidert at 2025-08-21T04:59:09+02:00
dla-needed.txt: Add thunderbird
- - - - -
87b3d565 by Andres Salomon at 2025-08-21T01:25:52-04:00
chromium dsa
- - - - -
3f229391 by Salvatore Bonaccorso at 2025-08-21T07:31:25+02:00
Track fixed version for CVE-2025-9132/chromium via unstable
- - - - -
556e7231 by Salvatore Bonaccorso at 2025-08-21T08:06:19+02:00
Add CVE-2025-5115/jetty
- - - - -
db5a1edb by Salvatore Bonaccorso at 2025-08-21T08:11:30+02:00
Process some NFUs
- - - - -
489e0adc by Salvatore Bonaccorso at 2025-08-21T08:12:21+02:00
Add tracking of two Movable Type CVEs
- - - - -
6d7eb55c by Moritz Muehlenhoff at 2025-08-21T09:58:58+02:00
add tika commit reference
- - - - -
e863f60e by security tracker role at 2025-08-21T08:12:50+00:00
automatic update
- - - - -
0b3db992 by security tracker role at 2025-08-21T08:14:37+00:00
automatic NOT-FOR-US entries update
- - - - -
fc8ff730 by Moritz Muehlenhoff at 2025-08-21T10:18:01+02:00
NFUs
- - - - -
8f654e5b by Moritz Muehlenhoff at 2025-08-21T10:51:37+02:00
auto-nfu: Add Softing
Total CVEs from Softing: 1
Total CVEs from Softing with packages assigned: 0
Scope: Softing issues only.
- - - - -
86021bb9 by Moritz Muehlenhoff at 2025-08-21T10:57:01+02:00
new node-sha.js issue
- - - - -
ad074981 by Moritz Muehlenhoff at 2025-08-21T12:21:00+02:00
new node-cipher-base issue
- - - - -
f3076248 by Moritz Muehlenhoff at 2025-08-21T12:24:04+02:00
NFUs
- - - - -
a195f87e by Salvatore Bonaccorso at 2025-08-21T12:47:15+02:00
Add temporary entry for OSSN-0094 issues
- - - - -
44e5594f by Salvatore Bonaccorso at 2025-08-21T12:58:15+02:00
Track fixed version for OSSN-0094/watcher via unstable
- - - - -
d1977fd6 by Emilio Pozuelo Monfort at 2025-08-21T13:04:48+02:00
Reserve DLA-4277-1 for firefox-esr
- - - - -
60bba163 by Emilio Pozuelo Monfort at 2025-08-21T13:05:05+02:00
lts: take thunderbird
- - - - -
d31f0203 by Moritz Muehlenhoff at 2025-08-21T13:36:55+02:00
update status for CVE-2025-5262
- - - - -
464051b8 by Moritz Muehlenhoff at 2025-08-21T14:22:11+02:00
disassociate CVE-2017-0641 from libvpx
- - - - -
152ae346 by Santiago Ruano Rincón at 2025-08-21T09:51:43-03:00
Add qemu to dla-needed.txt and claim it
- - - - -
2f8ff5ad by Moritz Muehlenhoff at 2025-08-21T16:11:59+02:00
bookworm/trixie triage
- - - - -
45dd9a41 by Moritz Muehlenhoff at 2025-08-21T17:22:45+02:00
trixie/bookworm triage
- - - - -
954cdfb9 by Salvatore Bonaccorso at 2025-08-21T17:41:56+02:00
Track proposed rabbitmq-server update via trixie-pu
- - - - -
d8bc9fba by Moritz Mühlenhoff at 2025-08-21T19:42:03+02:00
squid DSA
- - - - -
b33f939d by Salvatore Bonaccorso at 2025-08-21T20:11:18+02:00
CVE-2025-54988: Add reference from 3.2.2
- - - - -
41dd5be4 by Salvatore Bonaccorso at 2025-08-21T20:12:13+02:00
Remove trailing whitespaces
- - - - -
49566ba3 by Salvatore Bonaccorso at 2025-08-21T20:27:27+02:00
Add Debian bug reference for CVE-2025-54988/tika
- - - - -
d2cbe548 by Salvatore Bonaccorso at 2025-08-21T20:34:15+02:00
Reference pull request for CVE-2024-39133
- - - - -
4691c53d by Daniel Leidert at 2025-08-21T20:49:21+02:00
DSA 5982-1 released for squid
- - - - -
6d7aac8e by Salvatore Bonaccorso at 2025-08-21T20:51:30+02:00
Add Debian bug reference for jetty issue CVE-2025-5115
- - - - -
51ecf6d8 by Salvatore Bonaccorso at 2025-08-21T20:54:18+02:00
Reference upstream commit for CVE-2025-9288
- - - - -
aa20f3ce by Salvatore Bonaccorso at 2025-08-21T21:02:56+02:00
Add upstream commit reference for CVE-2025-9287
- - - - -
bd511cbe by Salvatore Bonaccorso at 2025-08-21T21:04:27+02:00
Add Debian bug reference for CVE-2025-9288
- - - - -
d9a79dea by Salvatore Bonaccorso at 2025-08-21T21:05:12+02:00
Add Debian bug reference for CVE-2025-9287/node-cipher-base
- - - - -
549b6f2e by Salvatore Bonaccorso at 2025-08-21T21:07:14+02:00
Add cpp-httplib to dsa-needed
- - - - -
e3983cb6 by Daniel Leidert at 2025-08-21T21:30:14+02:00
Add commit that fixes CVE-2025-53101 for imagemagick v6
- - - - -
12073c30 by Daniel Leidert at 2025-08-21T21:34:29+02:00
dla-needed: Add imagemagick
- - - - -
ce1aa464 by Salvatore Bonaccorso at 2025-08-21T21:40:58+02:00
Both CVE-2025-54363 and CVE-2025-54364 now reference same upstream issue
- - - - -
4921aa78 by Salvatore Bonaccorso at 2025-08-21T21:59:57+02:00
Add Debian bug reference for two knack CVEs
- - - - -
4416eeab by security tracker role at 2025-08-21T20:12:08+00:00
automatic update
- - - - -
14ad1181 by security tracker role at 2025-08-21T20:13:46+00:00
automatic NOT-FOR-US entries update
- - - - -
bbea8f7f by Salvatore Bonaccorso at 2025-08-21T22:20:53+02:00
Process some NFUs
- - - - -
12a7df2e by Salvatore Bonaccorso at 2025-08-21T22:21:30+02:00
Add CVE-2025-9308/node-yarnpkg
- - - - -
3a1aa74b by Salvatore Bonaccorso at 2025-08-21T22:23:37+02:00
Add CVE-2025-9301/cmake
- - - - -
3b79895b by Salvatore Bonaccorso at 2025-08-21T22:24:57+02:00
Add two new mattermost-server issues, itp'ed
- - - - -
d0d32e8d by Salvatore Bonaccorso at 2025-08-21T22:25:26+02:00
Add CVE-2025-57751/pyload, itp'ed
- - - - -
a73cdc70 by Salvatore Bonaccorso at 2025-08-21T22:29:10+02:00
Add CVE-2025-9300/libsixel
- - - - -
ae05a5e4 by Salvatore Bonaccorso at 2025-08-21T22:42:47+02:00
Add CVE-2025-7969/node-markdown-it
- - - - -
ea2845c9 by Salvatore Bonaccorso at 2025-08-21T22:44:38+02:00
Process some NFUs
- - - - -
ab18b836 by Salvatore Bonaccorso at 2025-08-21T22:51:56+02:00
auto-nfu: Add more products for Esri CNA
- - - - -
efeb32d6 by Salvatore Bonaccorso at 2025-08-21T23:12:44+02:00
Process some NFUs
- - - - -
ab380f8a by Salvatore Bonaccorso at 2025-08-21T23:19:35+02:00
Add CVE-2025-48956/vllm, itp'ed
- - - - -
55256eb5 by Salvatore Bonaccorso at 2025-08-21T23:21:44+02:00
Track fixed version for thunderbird via unstable
- - - - -
acb98bf9 by Salvatore Bonaccorso at 2025-08-21T23:24:48+02:00
Track fixed version for CVE-2025-8860/qemu via unstable
- - - - -
b18649ac by Salvatore Bonaccorso at 2025-08-21T23:52:35+02:00
Add CVE-2025-52194/libsndfile
- - - - -
dddc7d95 by Salvatore Bonaccorso at 2025-08-22T05:58:43+02:00
Track fixed version for CVE-2025-9287/node-cipher-base via unstable
- - - - -
81200571 by Salvatore Bonaccorso at 2025-08-22T06:06:04+02:00
Track fixed version for CVE-2025-54119 via unstable
- - - - -
fd74f13c by Salvatore Bonaccorso at 2025-08-22T08:14:29+02:00
Remove some notes from CVEs which got withdrawn
- - - - -
0efde36c by Moritz Muehlenhoff at 2025-08-22T09:03:07+02:00
NFU, concludes external check
- - - - -
c1adf752 by Moritz Muehlenhoff at 2025-08-22T09:14:07+02:00
firefox fixed in sid
- - - - -
a8397ff7 by security tracker role at 2025-08-22T08:12:04+00:00
automatic update
- - - - -
d767d171 by security tracker role at 2025-08-22T08:12:55+00:00
automatic NOT-FOR-US entries update
- - - - -
af801236 by Salvatore Bonaccorso at 2025-08-22T10:18:14+02:00
Process some NFUs
- - - - -
342b0660 by Salvatore Bonaccorso at 2025-08-22T10:20:06+02:00
Process more NFUs
- - - - -
b02f7a13 by Moritz Muehlenhoff at 2025-08-22T11:16:30+02:00
bookworm/trixie triage
- - - - -
a287b3fa by Abhijith PA at 2025-08-22T15:59:45+05:50
LTS: claim libphp-adodb in dla-needed.txt
- - - - -
76d9c07e by Moritz Muehlenhoff at 2025-08-22T12:30:22+02:00
disassociate CVE-2017-17520 from src:tin
- - - - -
89907cdf by Emilio Pozuelo Monfort at 2025-08-22T12:54:21+02:00
lts: add firefox-esr for 140
- - - - -
c02a22d6 by Moritz Muehlenhoff at 2025-08-22T13:26:18+02:00
update fixed version for historic sqwebmail issue, thanks to Soeren Stoutner for following up
- - - - -
f9432085 by Moritz Muehlenhoff at 2025-08-22T13:49:13+02:00
trixie triage
- - - - -
0a5803b6 by Moritz Muehlenhoff at 2025-08-22T14:37:53+02:00
shaarli fixed in sid
- - - - -
b49da9e6 by Moritz Muehlenhoff at 2025-08-22T15:09:31+02:00
disassociate various old bogus dnsmasq issues from src:dnsmasq
- - - - -
efba3e43 by Daniel Leidert at 2025-08-22T15:27:20+02:00
lts: mark CVE-2025-53537/libhtp postponed
- - - - -
d5d939cc by Daniel Leidert at 2025-08-22T15:27:20+02:00
dla-needed: add modsecurity-apache
- - - - -
83a2e85d by Salvatore Bonaccorso at 2025-08-22T17:01:41+02:00
Merge Linux CVEs from kernel-sec
- - - - -
76c03352 by Chris Lamb at 2025-08-22T09:13:23-07:00
Reserve DLA-4278-1 for mupdf
- - - - -
abdb167a by Adrian Bunk at 2025-08-22T19:33:31+03:00
dla: take modsecurity-apache
- - - - -
617cf43a by Moritz Mühlenhoff at 2025-08-22T18:49:55+02:00
libfcgi spu
- - - - -
80e2ca0e by Salvatore Bonaccorso at 2025-08-22T19:18:46+02:00
Merge Linux changes from kernel-sec
- - - - -
23d76465 by Salvatore Bonaccorso at 2025-08-22T19:26:09+02:00
Merge Linux CVEs from kernel-sec
- - - - -
4a8d5920 by Moritz Muehlenhoff at 2025-08-22T20:35:23+02:00
new qemu issue
- - - - -
2b1dd1c9 by Moritz Mühlenhoff at 2025-08-22T20:38:49+02:00
qemu DSA
- - - - -
9b16bc53 by Salvatore Bonaccorso at 2025-08-22T20:55:57+02:00
Remove todo item for CVE-2025-24975
- - - - -
eaba9d67 by Salvatore Bonaccorso at 2025-08-22T21:05:27+02:00
Add Debian bug reference for qemu issue
- - - - -
1b735bec by Salvatore Bonaccorso at 2025-08-22T21:06:04+02:00
Fix small typo in temporary description for qemu issue
- - - - -
67d10f2f by Salvatore Bonaccorso at 2025-08-22T21:31:04+02:00
Add note for watcher and nova temporary entry
Actually it is more a hardening measure and does not warrant a CVE
assigned (not considered a security vulnerability) and thus might get
dropped from the list.
- - - - -
1cca310d by Daniel Leidert at 2025-08-22T21:41:36+02:00
dla-needed: add clamav as requested by @topodelapradera on IRC
- - - - -
fe7adaa6 by security tracker role at 2025-08-22T20:12:43+00:00
automatic update
- - - - -
01c3cd81 by security tracker role at 2025-08-22T20:14:22+00:00
automatic NOT-FOR-US entries update
- - - - -
ba9ba947 by Salvatore Bonaccorso at 2025-08-22T22:24:14+02:00
Process some NFUs
- - - - -
9352c338 by Salvatore Bonaccorso at 2025-08-22T22:41:38+02:00
Process some NFUs
- - - - -
9892ac32 by Salvatore Bonaccorso at 2025-08-22T22:42:16+02:00
Add two new log4cxx issues
- - - - -
f5f40673 by Salvatore Bonaccorso at 2025-08-22T22:42:44+02:00
Add CVE-2025-29366/mupen64plus-core
- - - - -
39313fe2 by Salvatore Bonaccorso at 2025-08-22T22:45:26+02:00
Add CVE-2025-29365/spim
- - - - -
73277495 by Salvatore Bonaccorso at 2025-08-22T22:46:14+02:00
Add CVE-2022-45134/mahara
- - - - -
1330bf2c by Salvatore Bonaccorso at 2025-08-22T23:01:22+02:00
Fix reason for nvidia-open-gpu-kernel-modules in bookworm's no-dsa
- - - - -
4a48faf7 by Daniel Leidert at 2025-08-23T00:32:23+02:00
Add link to github issue that tracks behavior mentioned in CVE-2025-50817
To me, it seems more like a bug that can lead to unexpected results than a
vulnerability. If an attacker can write to sys.path or into the project's
directory, they can already change code.
- - - - -
604f6889 by Daniel Leidert at 2025-08-23T00:35:29+02:00
dla-needed: add node-cipher-base
DSA in progress
- - - - -
33065667 by Daniel Leidert at 2025-08-23T00:39:56+02:00
dla-needed: add firebird3.0
- - - - -
ab87cbe8 by Adrian Bunk at 2025-08-23T02:29:01+03:00
CVE-2025-53689/jackrabbit does not affect the binary package
- - - - -
abe6817b by Adrian Bunk at 2025-08-23T02:58:47+03:00
dla: take node-cipher-base
- - - - -
ab17fe26 by Adrian Bunk at 2025-08-23T03:30:57+03:00
dla: take firebird3.0
- - - - -
b7110128 by Daniel Leidert at 2025-08-23T02:32:17+02:00
lts: mark CVE-2025-54363,CVE-2025-54364/knack postponed
Follow secteam triage; minor issue
- - - - -
cd1ebc5d by Daniel Leidert at 2025-08-23T02:32:18+02:00
lts: triage CVE-2025-46206/mupdf for Bullseye
Mark as postponed. Minor issue that can lead to a local DoS.
- - - - -
73536843 by Daniel Leidert at 2025-08-23T02:32:19+02:00
lts: triage CVE-2025-9136/retroarch for Bullseye
Follow secteam triage. Minor issue.
- - - - -
6ee16fb2 by Salvatore Bonaccorso at 2025-08-23T08:33:42+02:00
Update status for CVE-2025-53689
In future this then can be covered by the nonissue state itself.
- - - - -
3138bd0e by Salvatore Bonaccorso at 2025-08-23T08:40:22+02:00
auto-nfu: Add another covered product for Apache CNA
- - - - -
ab3b889d by Salvatore Bonaccorso at 2025-08-23T08:41:22+02:00
Process some NFUs
- - - - -
1b56c762 by security tracker role at 2025-08-23T08:11:57+00:00
automatic update
- - - - -
4e4df59b by security tracker role at 2025-08-23T08:12:53+00:00
automatic NOT-FOR-US entries update
- - - - -
58f22cdb by Moritz Muehlenhoff at 2025-08-23T10:18:08+02:00
NFUs
- - - - -
a9de1fa5 by Salvatore Bonaccorso at 2025-08-23T10:19:29+02:00
Add CVE-2022-45133/mahara
- - - - -
efe94b8c by Salvatore Bonaccorso at 2025-08-23T10:27:41+02:00
Add Debian bug reference for CVE-2025-52194/libsndfile
- - - - -
c6d2774e by Salvatore Bonaccorso at 2025-08-23T10:28:34+02:00
Add Debian bug reference for CVE-2025-9300/libsixel
- - - - -
c363e7b8 by Salvatore Bonaccorso at 2025-08-23T10:33:22+02:00
Add Debian bug reference for CVE-2025-9165/tiff
- - - - -
62c4f6b0 by Salvatore Bonaccorso at 2025-08-23T10:35:07+02:00
Add Debian bug references for log4cxx issues
- - - - -
220d9817 by Moritz Muehlenhoff at 2025-08-23T18:23:14+02:00
bookworm/trixie triage
- - - - -
27292758 by security tracker role at 2025-08-23T20:12:06+00:00
automatic update
- - - - -
fdc66743 by security tracker role at 2025-08-23T20:13:08+00:00
automatic NOT-FOR-US entries update
- - - - -
678cc89c by Daniel Leidert at 2025-08-24T01:31:43+02:00
lts: triage CVE-2025-7969/node-markdown-it
Upstream disputes issue. Add links to Github issue and advisory.
- - - - -
11e1fd43 by Daniel Leidert at 2025-08-24T02:00:03+02:00
lts: triage CVE-2025-9308/node-yarnpkg for Bullseye
Mark as postponed. Minor issue that can produce a local DoS similar to
CVE-2025-8262 (same submitter as well). Follow triage of CVE-2025-8262.
- - - - -
a3d6f623 by Daniel Leidert at 2025-08-24T02:09:47+02:00
lts: triage CVE-2015-1554/kgb-bot
Mark as ignored. This has not been reproduced by third parties since the issue
has been reported. Thus, it has been ignored. Reflect that in the LTS triage.
- - - - -
a1925a75 by Daniel Leidert at 2025-08-24T02:20:36+02:00
Add links for CVE-2024-44905/golang-gopkg-pg.v5
- - - - -
70317b2a by Daniel Leidert at 2025-08-24T03:12:17+02:00
lts: add patch link for CVE-2024-4227/gsoap
- - - - -
1d8eca5f by Daniel Leidert at 2025-08-24T03:44:23+02:00
lts: triage CVE-2025-54880,CVE-2025-54881/node-mermaid for Bullseye
Issues don't affect Bullseye. Issues were introduced in v11.1.0 and in v10.9.0.
- - - - -
83c85449 by Salvatore Bonaccorso at 2025-08-24T08:37:22+02:00
Remove one reference for CVE-2025-7969
Remove the one reference to the advisory site. Issue is disputed as
having security impact from upstream so mark it now at least as
unimportant.
Thanks: Daniel Leidert for the triage.
- - - - -
46d47f94 by Salvatore Bonaccorso at 2025-08-24T09:00:22+02:00
Add Debian bug reference for CVE-2024-44905
- - - - -
d5aa8ad4 by security tracker role at 2025-08-24T08:12:08+00:00
automatic update
- - - - -
eda3feb7 by security tracker role at 2025-08-24T08:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
d6e79116 by Salvatore Bonaccorso at 2025-08-24T13:19:34+02:00
Process NFUs
- - - - -
ebaa7eee by Salvatore Bonaccorso at 2025-08-24T14:15:27+02:00
Track fixed version for two tiff issues
- - - - -
9b7a00b3 by Moritz Mühlenhoff at 2025-08-24T14:21:27+02:00
nvidia-open-gpu-kernel-modules ospu
- - - - -
0d468152 by Moritz Mühlenhoff at 2025-08-24T14:29:44+02:00
thunderbird DSA
- - - - -
6514b1f2 by Moritz Mühlenhoff at 2025-08-24T14:55:56+02:00
gst-plugins-base1.0 ospu
- - - - -
9b4e5d65 by Guilhem Moulin at 2025-08-24T15:27:55+02:00
CVE-2024-4316[78]/unbound: Add links to follow-up commits
- - - - -
df8bf37b by Moritz Mühlenhoff at 2025-08-24T16:10:16+02:00
botan ospu
- - - - -
80742738 by Emilio Pozuelo Monfort at 2025-08-24T16:28:25+02:00
Reserve DLA-4279-1 for thunderbird
- - - - -
a27d6cf9 by Salvatore Bonaccorso at 2025-08-24T20:56:39+02:00
CVE-2025-8941: temporarily reference question to Red Hat about scope
- - - - -
460669b6 by Moritz Mühlenhoff at 2025-08-24T21:20:19+02:00
libsndfile ospu
- - - - -
f0252158 by Guilhem Moulin at 2025-08-24T21:27:55+02:00
Reserve DLA-4280-1 for unbound
- - - - -
b8833640 by Daniel Leidert at 2025-08-24T21:32:27+02:00
dla-needed: add libsndfile
- - - - -
09e2297a by Daniel Leidert at 2025-08-24T21:37:10+02:00
lts: triage CVE-2022-33064/libsndfile for Bullseye
Upstream issue shows multiple reports that this is a false-positive.
- - - - -
4ad6f282 by Adrian Bunk at 2025-08-24T23:52:21+03:00
Reserve DLA-4281-1 for iperf3
- - - - -
f15103de by Daniel Leidert at 2025-08-25T03:25:53+02:00
lts: triage CVE-2025-29366/mupen64plus-core
Add links to various PRs that fix the various issues reported at
<https://github.com/Giles-one/mupen64plusEscape/tree/main/> (which are more
than just one; I don't know why only one of them got a CVE assigned)
- - - - -
232c3114 by Guilhem Moulin at 2025-08-25T03:42:41+02:00
CVE-2020-24372/luajit: Add link to fixing commits and fixed version
Upstream reports this was fixed on 2020-08-09 and indeed the 20220320
git snapshot used in bookworm is not affected.
The fixing commits were confirmed via bisecting.
- - - - -
cbf946d5 by Salvatore Bonaccorso at 2025-08-25T08:27:05+02:00
Demote CVE-2025-5436{3,4}/knack to unimportant
- - - - -
1e8deb12 by Salvatore Bonaccorso at 2025-08-25T08:29:11+02:00
Track fixed version for CVE-2025-7462/ghostscript
- - - - -
f93e2266 by security tracker role at 2025-08-25T08:12:00+00:00
automatic update
- - - - -
f9a94287 by security tracker role at 2025-08-25T08:12:50+00:00
automatic NOT-FOR-US entries update
- - - - -
9d342043 by Salvatore Bonaccorso at 2025-08-25T10:16:37+02:00
Process new NFUs
- - - - -
be461058 by Salvatore Bonaccorso at 2025-08-25T10:17:04+02:00
Add CVE-2025-9405/open5gs, itp'ed
- - - - -
1fda2404 by Salvatore Bonaccorso at 2025-08-25T10:24:33+02:00
Add two new vim issues
- - - - -
70c5392b by Salvatore Bonaccorso at 2025-08-25T10:46:42+02:00
Add CVE-2025-9394/libpodofo
- - - - -
97109cf5 by Salvatore Bonaccorso at 2025-08-25T10:58:43+02:00
Add three new tcpreplay issues
- - - - -
e637bc85 by Moritz Muehlenhoff at 2025-08-25T13:05:53+02:00
bookworm/trixie triage
- - - - -
e0dfdb27 by Moritz Muehlenhoff at 2025-08-25T13:08:19+02:00
golang-github-gin-contrib-cors fixed in sid
- - - - -
d4c66b5a by Aron Xu at 2025-08-25T19:48:39+08:00
take imagemagick
- - - - -
bbe8641e by Moritz Muehlenhoff at 2025-08-25T13:58:13+02:00
new biosig issues
- - - - -
b16b6090 by Adrian Bunk at 2025-08-25T15:18:25+03:00
Reserve DLA-4282-1 for firebird3.0
- - - - -
88d55e20 by Roberto C. Sánchez at 2025-08-25T08:55:30-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
ab50fee1 by Adrian Bunk at 2025-08-25T16:14:33+03:00
dla: retake libhtp
- - - - -
07504dca by Lee Garrett at 2025-08-25T15:45:20+02:00
CVE-2025-48385 does not affect git/bullseye
- - - - -
f6e898ae by Daniel Leidert at 2025-08-25T15:51:48+02:00
LTS: claim pytorch in dla-needed.txt
- - - - -
5dfdc98b by Daniel Leidert at 2025-08-25T15:52:03+02:00
LTS: claim u-boot in dla-needed.txt
- - - - -
ab57253a by Adrian Bunk at 2025-08-25T16:53:43+03:00
ruby-saml: Add notes regarding the relationship between CVE-2025-54572 and CVE-2025-25293
- - - - -
ea41c7ae by Andrej Shadura at 2025-08-25T16:12:45+02:00
LTS: Mark CVE-2024-45157, CVE-2025-27809, CVE-2025-27810 as not actionable
- - - - -
3a8cadab by Moritz Mühlenhoff at 2025-08-25T20:06:50+02:00
ffmpeg DSA
- - - - -
59e2c5a2 by Moritz Mühlenhoff at 2025-08-25T20:25:44+02:00
golang-github-gin-contrib-cors spu/ospu
- - - - -
cf8abfa7 by Moritz Mühlenhoff at 2025-08-25T20:28:03+02:00
firebird3.0 spu/ospu
- - - - -
188d3657 by security tracker role at 2025-08-25T20:12:54+00:00
automatic update
- - - - -
009eb43b by security tracker role at 2025-08-25T20:14:25+00:00
automatic NOT-FOR-US entries update
- - - - -
c2c11b17 by Salvatore Bonaccorso at 2025-08-25T22:21:04+02:00
Process some NFUs
- - - - -
c518020b by Moritz Mühlenhoff at 2025-08-25T22:36:52+02:00
gst-plugins-good1.0 ospu
- - - - -
b6de0c9f by Salvatore Bonaccorso at 2025-08-25T22:38:16+02:00
Add more biosig issues
- - - - -
1cb2d303 by Salvatore Bonaccorso at 2025-08-25T22:38:16+02:00
Add some NFUs
- - - - -
bfa2169c by Salvatore Bonaccorso at 2025-08-25T22:38:16+02:00
Add CVE-2025-9403/jq
- - - - -
b2532499 by Thorsten Alteholz at 2025-08-25T23:27:36+02:00
claim suricata
- - - - -
d602dc91 by Guilhem Moulin at 2025-08-25T23:47:27+02:00
Reserve DLA-4283-1 for luajit
- - - - -
ed569fb4 by Salvatore Bonaccorso at 2025-08-26T06:22:51+02:00
Reference discussion about CVE-2005-1308 with upstream
- - - - -
3df61181 by Salvatore Bonaccorso at 2025-08-26T07:55:41+02:00
Track proposed update for luajit via bookworm-pu
- - - - -
1cab5945 by Salvatore Bonaccorso at 2025-08-26T08:04:39+02:00
Mark CVE-2025-7458/sqlite3 as no-dsa
- - - - -
2e6aeb50 by Salvatore Bonaccorso at 2025-08-26T08:17:53+02:00
Add unbound to dsa-needed list
- - - - -
9ca5a90c by Salvatore Bonaccorso at 2025-08-26T08:18:19+02:00
Remove no-dsa entries for unbound as they will get an update
- - - - -
a1e389c3 by Salvatore Bonaccorso at 2025-08-26T08:28:34+02:00
CVE-2025-54989: Add ZDI reference
- - - - -
acf84fcb by Salvatore Bonaccorso at 2025-08-26T08:35:57+02:00
Process two NFUs (external check)
- - - - -
723678b2 by Salvatore Bonaccorso at 2025-08-26T08:47:06+02:00
Add new src:sail issues from TALOS reports
- - - - -
bbe45f53 by security tracker role at 2025-08-26T08:12:08+00:00
automatic update
- - - - -
fd26ffc7 by security tracker role at 2025-08-26T08:12:59+00:00
automatic NOT-FOR-US entries update
- - - - -
759a2632 by Salvatore Bonaccorso at 2025-08-26T10:53:01+02:00
Process some NFUs
- - - - -
0fe091ce by Moritz Muehlenhoff at 2025-08-26T11:06:59+02:00
trixie/bookworm triage
- - - - -
9492ff1f by Moritz Muehlenhoff at 2025-08-26T11:11:24+02:00
NFUs
- - - - -
8ebf659d by Moritz Muehlenhoff at 2025-08-26T11:21:25+02:00
nginx fixed in sid
- - - - -
996d408a by Moritz Muehlenhoff at 2025-08-26T11:23:47+02:00
libcoap3 fixed in sid
- - - - -
93c2e3db by Moritz Muehlenhoff at 2025-08-26T12:18:05+02:00
modsecurity-apache ospu/spu
- - - - -
511a9a04 by Moritz Muehlenhoff at 2025-08-26T12:47:54+02:00
bookworm/trixie triage
- - - - -
e0392cd5 by Emilio Pozuelo Monfort at 2025-08-26T13:02:25+02:00
lts: tiff issues postponed/ignored
- - - - -
905b9996 by Moritz Muehlenhoff at 2025-08-26T14:20:56+02:00
trixie/bookworm triage
- - - - -
8208075b by Salvatore Bonaccorso at 2025-08-26T14:37:12+02:00
Adjust NFU note
- - - - -
1107e19c by Emilio Pozuelo Monfort at 2025-08-26T14:39:07+02:00
lts-cve-triage: fix crash when sid is unfixed
- - - - -
ff76492b by Emilio Pozuelo Monfort at 2025-08-26T14:40:33+02:00
Pass FD to Bastien
- - - - -
a6b81137 by Salvatore Bonaccorso at 2025-08-26T17:21:23+02:00
Reference 3.6.3 commit for CVE-2025-27810
- - - - -
6e1943cb by Salvatore Bonaccorso at 2025-08-26T17:21:44+02:00
CVE-2025-27809: Add reference to commit for 3.6.3
- - - - -
2a8643bf by Salvatore Bonaccorso at 2025-08-26T17:24:47+02:00
Add CVE-2025-38676/linux
- - - - -
b554ca80 by Moritz Mühlenhoff at 2025-08-26T20:24:49+02:00
node-cipher-base DSA
- - - - -
e15ed8cc by Moritz Mühlenhoff at 2025-08-26T20:38:43+02:00
libtpms ospu
- - - - -
4a4393a3 by Salvatore Bonaccorso at 2025-08-26T20:40:55+02:00
Track proposed update for sqlite3 via bookworm-pu
- - - - -
9d70220b by Salvatore Bonaccorso at 2025-08-26T20:52:11+02:00
Add CVE-2025-57804/python-h2
- - - - -
7b7b5465 by Salvatore Bonaccorso at 2025-08-26T20:54:35+02:00
Process some NFUs
- - - - -
58eb2ef2 by Salvatore Bonaccorso at 2025-08-26T20:55:27+02:00
Add two new Mahara issues
- - - - -
9d35759e by Salvatore Bonaccorso at 2025-08-26T21:27:45+02:00
Add Debian bug references for biosig issues
- - - - -
9c6b0ffb by security tracker role at 2025-08-26T20:12:49+00:00
automatic update
- - - - -
206f47df by security tracker role at 2025-08-26T20:13:44+00:00
automatic NOT-FOR-US entries update
- - - - -
04d94deb by Salvatore Bonaccorso at 2025-08-26T22:17:48+02:00
Add new chromium issue
- - - - -
f350f405 by Salvatore Bonaccorso at 2025-08-26T22:18:39+02:00
Add chromium to dsa-needed list
- - - - -
ac73cb1b by Salvatore Bonaccorso at 2025-08-26T22:26:17+02:00
Process some NFUs
- - - - -
401c5879 by Salvatore Bonaccorso at 2025-08-26T22:27:00+02:00
Add CVE-2025-57810/jspdf, itp'ed
- - - - -
aaae0b82 by Salvatore Bonaccorso at 2025-08-26T22:28:32+02:00
CVE-2025-55298/imagemagick assigned
- - - - -
cb063b12 by Salvatore Bonaccorso at 2025-08-26T22:29:45+02:00
CVE-2025-55212/imagemagick assigned
- - - - -
10e76968 by Salvatore Bonaccorso at 2025-08-26T22:33:34+02:00
Add CVE-2025-57803/imagemagick
- - - - -
ed770531 by Salvatore Bonaccorso at 2025-08-26T22:34:20+02:00
Remove notes about imagemagick issues not being public
- - - - -
6039f4cd by Salvatore Bonaccorso at 2025-08-26T22:43:13+02:00
Process some NFUs
- - - - -
c9b04645 by Salvatore Bonaccorso at 2025-08-26T22:44:02+02:00
Add new mahara issues
- - - - -
f8d55860 by Salvatore Bonaccorso at 2025-08-26T22:55:26+02:00
Mark 6.1.148-1 as uploaded for Debian bookworm as released
Any subsequent update of the bookworm version (be it a followup for
bookworm or bookworm-security) will now be based on this released
version, thus it's safe to already mark it as released.
Given the huge amount of CVEs to track this is easier and does interfere
less with updates from the vulns.git repository once further CVEs are to
be assigned.
While technically not fully correct to do it already in this point in
time it makes co-working with kernel-sec and the streams of Linux CVEs
manageable. Thus mirror the update already in kernel-sec which will be
compliant to our tracking once the point release has happened.
Link: https://salsa.debian.org/kernel-team/kernel-sec/-/commit/99e54d5bd8a14350337806250512c9ec955596c9
- - - - -
3b5f73f0 by Salvatore Bonaccorso at 2025-08-26T23:07:15+02:00
Merge Linux CVEs updates from kernel-sec
- - - - -
60d0feac by Bastien Roucariès at 2025-08-26T23:43:13+02:00
libpodofo/bullseye
Follow bookworm
- - - - -
315e23d1 by Bastien Roucariès at 2025-08-26T23:52:05+02:00
CVE-2025-8671/h2o bullseye
Follow bookworm
- - - - -
cfd5b2ba by Bastien Roucariès at 2025-08-26T23:56:45+02:00
CVE-2025-9300/libsixel bullseye
Follow bookworm
- - - - -
3c0e3b21 by Salvatore Bonaccorso at 2025-08-27T05:44:27+02:00
Process some NFUs
- - - - -
065d1ca5 by Salvatore Bonaccorso at 2025-08-27T05:53:10+02:00
auto-nfu: Add another product for NVIDIA rule
Apparently they use as well "NeMo Framework" as product name
additionally to the already covered one.
- - - - -
a92d54c2 by Salvatore Bonaccorso at 2025-08-27T05:53:56+02:00
Process some more NFUs
- - - - -
02413580 by Salvatore Bonaccorso at 2025-08-27T06:51:47+02:00
Update status for CVE-2025-55014/stardict
- - - - -
c0712970 by Salvatore Bonaccorso at 2025-08-27T07:10:26+02:00
Track fixed version for CVE-2025-9478/chromium via unstable
- - - - -
6dd06722 by Bastien Roucariès at 2025-08-27T09:29:34+02:00
dla-needed
python-future is superseded for bookworm and later, but risk analysis is different
for older release fix old no-dsa also
- - - - -
04741838 by Thorsten Alteholz at 2025-08-27T09:52:33+02:00
mark CVE-2023-51847 as not-affected in Bullseye, Bookworm, Trixie
- - - - -
1ec0c5bc by security tracker role at 2025-08-27T08:12:41+00:00
automatic update
- - - - -
a70d6c08 by security tracker role at 2025-08-27T08:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
5493f0f5 by Moritz Muehlenhoff at 2025-08-27T10:23:10+02:00
xwayland fixed in sid
- - - - -
94c46995 by Salvatore Bonaccorso at 2025-08-27T10:27:40+02:00
Process some NFUs
- - - - -
84be5896 by Salvatore Bonaccorso at 2025-08-27T10:28:39+02:00
auto-nfu: Cover one more NVIDIA product
- - - - -
ad005957 by Salvatore Bonaccorso at 2025-08-27T10:29:39+02:00
Process one more NFU
- - - - -
69594b3a by Salvatore Bonaccorso at 2025-08-27T10:42:44+02:00
Mark 6.12.43-1 as uploaded for Debian trixie as released
Any subsequent update of the trixie version (be it a followup for trixie
or trixie-security) will now be based on this released version, thus it's
safe to already mark it as released.
Given the huge amount of CVEs to track this is easier and does interfere
less with updates from the vulns.git repository once further CVEs are to
be assigned.
While technically not fully correct to do it already in this point in
time it makes co-working with kernel-sec and the streams of Linux CVEs
manageable. Thus mirror the update already in kernel-sec which will be
compliant to our tracking once the point release has happened.
Link: https://salsa.debian.org/kernel-team/kernel-sec/-/commit/04fafb0ce2787a61467d9d5f7ed208968a41416f
- - - - -
43ab6121 by Salvatore Bonaccorso at 2025-08-27T11:02:22+02:00
Process some NFUs
- - - - -
ade824e4 by Salvatore Bonaccorso at 2025-08-27T11:02:45+02:00
Add two new mahara issues
- - - - -
f4486b39 by Moritz Muehlenhoff at 2025-08-27T12:07:00+02:00
NFUs
- - - - -
459447cf by Moritz Muehlenhoff at 2025-08-27T12:22:57+02:00
auto-nfu: Extend rule for Tenable
- - - - -
e71debb9 by Moritz Mühlenhoff at 2025-08-27T13:59:51+02:00
iperf3 spu/ospu
- - - - -
4e5b2fc5 by Bastien Roucariès at 2025-08-27T17:58:05+02:00
CVE-2025-53192/bullseye
follow bookworm postpone
- - - - -
be898da5 by Bastien Roucariès at 2025-08-27T19:48:44+02:00
bouncycastle/bullseye
Classify as postponed
- - - - -
629cb899 by Salvatore Bonaccorso at 2025-08-27T20:37:42+02:00
Add CVE-2025-58050/pcre2
- - - - -
2ace06bb by Salvatore Bonaccorso at 2025-08-27T21:54:42+02:00
Track proposed update for libarchive via bookworm-pu
- - - - -
c082885c by Salvatore Bonaccorso at 2025-08-27T22:02:19+02:00
Update status for CVE-2023-51847
- - - - -
e6fe2874 by security tracker role at 2025-08-27T20:12:54+00:00
automatic update
- - - - -
da8066d0 by security tracker role at 2025-08-27T20:13:48+00:00
automatic NOT-FOR-US entries update
- - - - -
6a80b1b9 by Salvatore Bonaccorso at 2025-08-27T22:15:12+02:00
Add CVE-2025-40779/isc-kea
- - - - -
fd0b7f30 by Lucas Kanashiro at 2025-08-27T17:18:39-03:00
data/dla-needed.txt: claim clamav
- - - - -
60212e65 by Salvatore Bonaccorso at 2025-08-27T22:20:22+02:00
Add references for CVE-2025-40779/isc-kea
- - - - -
e22d2526 by Salvatore Bonaccorso at 2025-08-27T22:28:07+02:00
Add Debian bug reference for CVE-2025-40779/isc-kea
- - - - -
38225ff2 by Salvatore Bonaccorso at 2025-08-27T22:37:56+02:00
Process some NFUs
- - - - -
6d28136b by Salvatore Bonaccorso at 2025-08-27T22:41:12+02:00
Add CVE-2025-53105/glpi
- - - - -
948f435a by Moritz Mühlenhoff at 2025-08-27T22:59:59+02:00
unbound DSA
- - - - -
2c5ed3b8 by Bastien Roucariès at 2025-08-27T23:15:48+02:00
Add jetty9 to dla-needed
CVE-2025-5115 aka made your reset
- - - - -
6645ecf0 by Andres Salomon at 2025-08-27T20:43:00-04:00
chromium dsa
- - - - -
1471f185 by Salvatore Bonaccorso at 2025-08-28T06:20:34+02:00
Update status for llhttp issue, entered the archive
- - - - -
2ff9dbf1 by Salvatore Bonaccorso at 2025-08-28T06:59:34+02:00
Track fixed version for CVE-2025-50420/poppler via unstable
- - - - -
d3cbb83c by Moritz Muehlenhoff at 2025-08-28T09:51:39+02:00
auto-nfu: Extend Cisco rule
- - - - -
c420ea2d by Moritz Muehlenhoff at 2025-08-28T09:58:39+02:00
new k8s issue
- - - - -
f271d512 by Moritz Muehlenhoff at 2025-08-28T10:11:52+02:00
pcre2 fixed in sid
- - - - -
63c62d88 by Salvatore Bonaccorso at 2025-08-28T13:04:27+02:00
Add CVE-2024-58240/linux
- - - - -
5d3f3b3b by Salvatore Bonaccorso at 2025-08-28T13:09:07+02:00
Add tracking bug for pcre2 issue
- - - - -
a9fef336 by Salvatore Bonaccorso at 2025-08-28T13:11:28+02:00
Track proposed pcre2 update via trixie-pu
- - - - -
a76af9b9 by Moritz Muehlenhoff at 2025-08-28T13:43:14+02:00
new gitlab issues
- - - - -
5c4dd88e by Moritz Muehlenhoff at 2025-08-28T14:09:00+02:00
mark LLVM 21 as fixed for CVE-2024-7883, LLVM 20 won't get uploaded to sid
- - - - -
f88b9296 by Moritz Muehlenhoff at 2025-08-28T14:58:22+02:00
bookworm/trixie triage
- - - - -
6242b69c by Salvatore Bonaccorso at 2025-08-28T17:49:08+02:00
Add CVE-2025-8067/udisks2
- - - - -
be34c187 by Bastien Roucariès at 2025-08-28T18:09:28+02:00
dla-needed: add udisks2
- - - - -
7deea5d1 by Thorsten Alteholz at 2025-08-28T18:50:33+02:00
Reserve DLA-4284-1 for udisks2
- - - - -
d4edab15 by Thorsten Alteholz at 2025-08-28T19:23:29+02:00
Reserve DLA-4285-1 for golang-github-gin-contrib-cors
- - - - -
2f4cd049 by Salvatore Bonaccorso at 2025-08-28T19:32:30+02:00
Track fixed version for CVE-2025-8067/udisks2 via unstable
- - - - -
02a54225 by Moritz Muehlenhoff at 2025-08-28T20:09:52+02:00
NFUs
- - - - -
6e93deb7 by Moritz Muehlenhoff at 2025-08-28T20:20:48+02:00
new rust-xcb issue
- - - - -
2b755ed5 by Salvatore Bonaccorso at 2025-08-28T20:24:09+02:00
Reserve DSA number for udisks2 update
- - - - -
6c6c2f53 by Salvatore Bonaccorso at 2025-08-28T21:36:54+02:00
Add Debian bug reference for CVE-2025-57804/python-h2
- - - - -
ee1a87b6 by Salvatore Bonaccorso at 2025-08-28T21:38:57+02:00
Add Debian bug reference for sail issues
- - - - -
cf971cd7 by Salvatore Bonaccorso at 2025-08-28T21:49:37+02:00
Correct assessment for CVE-2025-40779/isc-kea
Link: https://bugs.debian.org/1112247#10
Thanks: Paride Legovini
- - - - -
9a2bcbbc by security tracker role at 2025-08-28T20:12:50+00:00
automatic update
- - - - -
a629afbf by security tracker role at 2025-08-28T20:14:23+00:00
automatic NOT-FOR-US entries update
- - - - -
bd2733a5 by Salvatore Bonaccorso at 2025-08-28T22:16:21+02:00
Remove notes from CVE-2021-41874
CVE was withdrawn by the assigning CNA as further investigation showed
that it was not a security issue.
- - - - -
7a2c7465 by Salvatore Bonaccorso at 2025-08-28T22:24:48+02:00
Process some NFUs
- - - - -
8fbc1380 by Salvatore Bonaccorso at 2025-08-28T22:27:33+02:00
Add CVE-2025-57767/asterisk
- - - - -
180397a0 by Salvatore Bonaccorso at 2025-08-28T22:53:16+02:00
Add CVE-2025-54995/asterisk
- - - - -
1c7df978 by Salvatore Bonaccorso at 2025-08-28T23:14:21+02:00
Update status for CVE-2022-49266
- - - - -
a09bbd36 by Salvatore Bonaccorso at 2025-08-28T23:35:07+02:00
Correct status for CVE-2025-38676
- - - - -
40740587 by Salvatore Bonaccorso at 2025-08-29T04:36:03+02:00
Add CVE-2025-40927/libcgi-simple-perl
- - - - -
091f3dd8 by Salvatore Bonaccorso at 2025-08-29T04:43:07+02:00
Mark CVE-2025-40927 as no-dsa for trixie and bookworm
- - - - -
4b897b48 by Salvatore Bonaccorso at 2025-08-29T04:48:14+02:00
kanboard re-uploaded again into archive mark issues as unfixed for now
Retrigger checks/triage on those which were marked as removed from
unstable without having back then the resolution. Most of them should be
now addressed but need to be rechecked explicitly.
- - - - -
01594de1 by Salvatore Bonaccorso at 2025-08-29T05:52:38+02:00
Track fixed version via unstable for CVE-2025-40927/libcgi-simple-perl
- - - - -
6a7a0a42 by Salvatore Bonaccorso at 2025-08-29T06:20:03+02:00
Update status for already fixed kanboard issues
More recent ones are only fixed in later versions not yet uploaded.
- - - - -
bc065f56 by Salvatore Bonaccorso at 2025-08-29T06:31:12+02:00
Add Debian bug references for kanboard issues
- - - - -
aa1baafa by Salvatore Bonaccorso at 2025-08-29T06:49:54+02:00
Track proposed updates for libcgi-simple-perl via {trixie,bookworm}-pu
- - - - -
7856660d by Moritz Muehlenhoff at 2025-08-29T08:46:32+02:00
NFUs
- - - - -
2c194776 by Aron Xu at 2025-08-29T15:07:03+08:00
Reserve DSA for CVE-2025-7425
- - - - -
1f608341 by Moritz Muehlenhoff at 2025-08-29T09:30:40+02:00
various assimp issues fixed in sid
- - - - -
416b8527 by security tracker role at 2025-08-29T08:12:05+00:00
automatic update
- - - - -
ea61183a by security tracker role at 2025-08-29T08:13:42+00:00
automatic NOT-FOR-US entries update
- - - - -
3edffe04 by Moritz Muehlenhoff at 2025-08-29T10:34:23+02:00
NFUs
- - - - -
cf1d5a23 by Salvatore Bonaccorso at 2025-08-29T10:37:39+02:00
Process some NFUs
- - - - -
ef76374f by Moritz Muehlenhoff at 2025-08-29T11:25:47+02:00
bookworm/trixie triage
- - - - -
3428c9ec by Moritz Mühlenhoff at 2025-08-29T13:26:55+02:00
libcoap3 spu
- - - - -
3ec0c264 by Moritz Mühlenhoff at 2025-08-29T13:31:40+02:00
nova/watcher spu
- - - - -
9814d204 by Moritz Muehlenhoff at 2025-08-29T15:08:59+02:00
bookworm/trixie triage
- - - - -
2b0741d0 by Salvatore Bonaccorso at 2025-08-29T16:14:10+02:00
Track proposed update for perl via bookworm-pu
- - - - -
31ea5b6e by Salvatore Bonaccorso at 2025-08-29T16:21:32+02:00
Adjust watcher for target version, cf #1112282
- - - - -
76b5fac5 by Moritz Mühlenhoff at 2025-08-29T19:59:35+02:00
nginx spu/ospu
- - - - -
5d519ec1 by Moritz Mühlenhoff at 2025-08-29T20:00:13+02:00
nodejs DSA
- - - - -
a1ec9624 by Moritz Muehlenhoff at 2025-08-29T20:31:21+02:00
bookworm triage
- - - - -
de5fbcaf by Salvatore Bonaccorso at 2025-08-29T20:33:59+02:00
Note libxml2 mitigations for CVE-2025-7425 in libxslt
- - - - -
39fcd674 by Salvatore Bonaccorso at 2025-08-29T20:34:02+02:00
Add reference for libxslt only solution for CVE-2025-7425
- - - - -
1063f3b5 by Salvatore Bonaccorso at 2025-08-29T20:40:32+02:00
Remove trailing empty line
- - - - -
bdd1bd0b by Bastien Roucariès at 2025-08-29T20:57:42+02:00
dla-needed: openafs-client
- - - - -
8065bb91 by Salvatore Bonaccorso at 2025-08-29T21:05:09+02:00
Update status for CVE-2025-9394/libpodofo
- - - - -
21592a22 by Salvatore Bonaccorso at 2025-08-29T21:17:59+02:00
Add Debian bug reference for CVE-2025-57803
- - - - -
b5854d7c by Salvatore Bonaccorso at 2025-08-29T21:20:02+02:00
Add Debian bug reference for CVE-2025-57767
- - - - -
6595ca37 by Salvatore Bonaccorso at 2025-08-29T21:31:49+02:00
Update status for CVE-2025-50518
- - - - -
10f70bd1 by Bastien Roucariès at 2025-08-29T21:34:12+02:00
Postpone CVE-2025-40927/bullseye
Follow bookworm
- - - - -
38befd97 by Salvatore Bonaccorso at 2025-08-29T21:54:39+02:00
CVE-2025-3016/assimp reference committed fix to master branch
- - - - -
567d4be4 by Salvatore Bonaccorso at 2025-08-29T22:04:31+02:00
Adjust reference for CVE-2024-48423
- - - - -
c3914e56 by security tracker role at 2025-08-29T20:14:47+00:00
automatic update
- - - - -
988f7dc1 by security tracker role at 2025-08-29T20:15:51+00:00
automatic NOT-FOR-US entries update
- - - - -
046accc0 by Salvatore Bonaccorso at 2025-08-29T22:21:34+02:00
Add Debian bug reference for rust-xcb issue
- - - - -
075e2257 by Salvatore Bonaccorso at 2025-08-29T22:33:15+02:00
Process some NFUs
- - - - -
cfb5fbf0 by Salvatore Bonaccorso at 2025-08-29T22:37:17+02:00
Add CVE-2025-55763/civetweb
- - - - -
8980b306 by Salvatore Bonaccorso at 2025-08-29T22:41:32+02:00
Associate source package for CVE-2018-12684 and add reference
- - - - -
963264c9 by Salvatore Bonaccorso at 2025-08-29T23:09:46+02:00
Add CVE-2025-9670/node-turndown
- - - - -
ddde45ca by Salvatore Bonaccorso at 2025-08-29T23:11:31+02:00
Add CVE-2025-9649/tcpreplay
- - - - -
d45f7448 by Salvatore Bonaccorso at 2025-08-29T23:12:59+02:00
Process some NFUs
- - - - -
c74ffc0e by Salvatore Bonaccorso at 2025-08-29T23:15:13+02:00
Add CVE-2025-55304/exiv2
- - - - -
f976a4fb by Salvatore Bonaccorso at 2025-08-29T23:15:57+02:00
Add CVE-2025-54080/exiv2
- - - - -
d8f036f6 by Salvatore Bonaccorso at 2025-08-29T23:16:46+02:00
Add CVE-2025-58058/golang-github-ulikunitz-xz
- - - - -
6178aa71 by Salvatore Bonaccorso at 2025-08-29T23:17:21+02:00
Add CVE-2025-29364/spim
- - - - -
c875a222 by Salvatore Bonaccorso at 2025-08-29T23:42:06+02:00
Track fixed version for CVE-2025-57767 via unstable
- - - - -
f2b0e2d6 by Carlos Henrique Lima Melara at 2025-08-29T22:50:26-03:00
CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5
- - - - -
d9606862 by Salvatore Bonaccorso at 2025-08-30T09:17:24+02:00
Merge branch 'add-more-info-CVE-2024-5594' into 'master'
CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5
See merge request security-tracker-team/security-tracker!241
- - - - -
9907255a by security tracker role at 2025-08-30T08:12:44+00:00
automatic update
- - - - -
45874f16 by security tracker role at 2025-08-30T08:14:25+00:00
automatic NOT-FOR-US entries update
- - - - -
f3b9fe7d by Salvatore Bonaccorso at 2025-08-30T10:25:31+02:00
Process new NFUs
- - - - -
b3786579 by Salvatore Bonaccorso at 2025-08-30T10:27:37+02:00
Add CVE-2025-58160/rust-tracing-subscriber
- - - - -
c0aaf924 by Salvatore Bonaccorso at 2025-08-30T10:29:01+02:00
Add CVE-2025-58068/python-eventlet
- - - - -
c9f0edb7 by Salvatore Bonaccorso at 2025-08-30T10:33:23+02:00
Add CVE-2025-58066/rust-ntpd
- - - - -
9bfb24af by Salvatore Bonaccorso at 2025-08-30T11:47:30+02:00
Add exiv2 bug references for issues
- - - - -
e45feb1c by Salvatore Bonaccorso at 2025-08-30T11:49:33+02:00
Add Debian bug reference for CVE-2025-55763
- - - - -
2a37a20c by Salvatore Bonaccorso at 2025-08-30T11:50:21+02:00
Add Debian bug reference for CVE-2025-58066/rust-ntpd
- - - - -
b67ff3d7 by Salvatore Bonaccorso at 2025-08-30T11:50:53+02:00
Add Debian bug reference for CVE-2025-58058
- - - - -
3e3e968f by Salvatore Bonaccorso at 2025-08-30T12:06:12+02:00
Add Debian bug reference for CVE-2025-58068
- - - - -
1fe2eb78 by Salvatore Bonaccorso at 2025-08-30T14:13:02+02:00
Add CVE-2025-38677/linux
- - - - -
4cc4edc5 by Andrej Shadura at 2025-08-30T16:01:03+02:00
Reserve DLA-4274-2 for mbedtls
- - - - -
b1ef54e9 by Andrej Shadura at 2025-08-30T16:05:24+02:00
Fix DLA-4274-2 for mbedtls
This reverts commit 4cc4edc586f929f7e75d12b41fd08939f8e4dcae.
- - - - -
b695a39c by Moritz Muehlenhoff at 2025-08-30T16:26:56+02:00
rust-xcb fixed in sid
- - - - -
76faf51f by Paride Legovini at 2025-08-30T17:06:18+02:00
dla-needed: claim libsndfile
- - - - -
dcdd57c2 by Paride Legovini at 2025-08-30T17:24:47+02:00
Postpone CVE-2025-52194/bullseye
Follow Bookworm; crash does not reproduce with provided PoC file [1] on
a Bullseye system. This does not mean Bullseye is not-affected, but it
is an indicator that it _may_ be unaffected. Building the package with
ASAN instrumentation may be needed to reproduce the issue, see [1]. This
is not something users would normally be doing.
[1] https://github.com/libsndfile/libsndfile/issues/1082
- - - - -
17d1371e by Paride Legovini at 2025-08-30T17:30:23+02:00
dla/libsndfile: update notes
- - - - -
82d02651 by Bastien Roucariès at 2025-08-30T17:50:54+02:00
CVE-2025-53859/nginx
Follow bookworm
- - - - -
f72ed2c6 by Bastien Roucariès at 2025-08-30T17:56:44+02:00
CVE-2025-55197/pypdf2 [bullseye]
Follow bookworm
- - - - -
c1e06cd5 by Bastien Roucariès at 2025-08-30T17:59:35+02:00
Add civetweb/dla-needed
CVE-2025-55763 is remote RCE potential
- - - - -
8f7c9300 by Bastien Roucariès at 2025-08-30T18:04:52+02:00
CVE-2025-54080/exiv2
This is a minor issue, DoS by quadratic algorithm
- - - - -
0b826a4b by Bastien Roucariès at 2025-08-30T18:09:33+02:00
Correct CVE-2025-54080/description
- - - - -
aa2c7da8 by Bastien Roucariès at 2025-08-30T18:11:00+02:00
CVE-2025-55304/bullseye exiv2
Minor issue low
- - - - -
db3abb48 by Bastien Roucariès at 2025-08-30T19:05:10+02:00
dla-needed add node-sha.js
- - - - -
229cb593 by Bastien Roucariès at 2025-08-30T19:08:52+02:00
dla-needed: python-h2
- - - - -
4ef2b188 by Bastien Roucariès at 2025-08-30T19:11:41+02:00
dla-needed add python-eventlet
- - - - -
9a7be21f by Bastien Roucariès at 2025-08-30T19:16:45+02:00
Add dla-needed asterisk
- - - - -
2278a306 by Bastien Roucariès at 2025-08-30T19:20:03+02:00
Add spim dla-needed
- - - - -
66a47137 by Salvatore Bonaccorso at 2025-08-30T19:29:15+02:00
Track fixed version for CVE-2025-54571/modsecurity-apache
Note the version seems to be correct, no 2.9.12-1 did hit the archive.
- - - - -
7147a8a6 by Moritz Mühlenhoff at 2025-08-30T20:03:12+02:00
firebird4.0 security update
- - - - -
8ef60a35 by Moritz Mühlenhoff at 2025-08-30T20:11:11+02:00
shaarli spu/ospu
- - - - -
0d2e2b0a by Salvatore Bonaccorso at 2025-08-30T20:55:55+02:00
Add CVE-2025-9572
Note, the issue is not really clear, it might as well be Red Hat
Satellite specific, but mentions foreman. As we will eventually need to
re-evaluate all foreman CVEs once it is packaged and enters Debian, play
on safe side and make the CVE associated with the itp'ed entry for
foreman.
- - - - -
c060e1cd by Salvatore Bonaccorso at 2025-08-30T21:06:16+02:00
Add additional references for CVE-2025-58160/rust-tracing-subscriber
- - - - -
eefac3c8 by Salvatore Bonaccorso at 2025-08-30T21:20:23+02:00
Add Debian bug reference for CVE-2025-58160/rust-tracing-subscriber
- - - - -
4b1bdf2d by Salvatore Bonaccorso at 2025-08-30T21:21:40+02:00
Track fixed version for CVE-2025-9136/retroarch
- - - - -
9c16ffbe by Bastien Roucariès at 2025-08-30T21:37:23+02:00
CVE-2024-4227/gsoap bullseye
Follow bookworm
- - - - -
99dd482c by Bastien Roucariès at 2025-08-30T22:11:22+02:00
biosig/bullseye
Follow bookworm
- - - - -
e7648a32 by Salvatore Bonaccorso at 2025-08-31T08:28:17+02:00
Track fixed version for CVE-2025-58066/rust-ntpd via unstable
- - - - -
3a1e877e by Salvatore Bonaccorso at 2025-08-31T08:29:55+02:00
Track fixed version for kanboard issues
- - - - -
9fbea9cf by Salvatore Bonaccorso at 2025-08-31T08:37:38+02:00
Process two NFUs
- - - - -
9ed66564 by Salvatore Bonaccorso at 2025-08-31T08:38:08+02:00
Add CVE-2025-47909/golang-github-gorilla-csrf
- - - - -
f414220b by Salvatore Bonaccorso at 2025-08-31T08:40:52+02:00
Triage two exiv2 issue for trixie and bookworm
- - - - -
880ba465 by Salvatore Bonaccorso at 2025-08-31T08:47:52+02:00
Add new adminer issue
- - - - -
bab24c51 by security tracker role at 2025-08-31T08:12:47+00:00
automatic update
- - - - -
2d9a2766 by security tracker role at 2025-08-31T08:14:28+00:00
automatic NOT-FOR-US entries update
- - - - -
a8a18ac5 by Moritz Mühlenhoff at 2025-08-31T13:03:07+02:00
libnginx-mod-http-lua ospu
- - - - -
aa52ec5a by Moritz Muehlenhoff at 2025-08-31T13:05:39+02:00
exiv2 fixed in experimental
- - - - -
1ada4a5c by Salvatore Bonaccorso at 2025-08-31T13:48:51+02:00
Track exiv2 issues fixed via unstable upload
- - - - -
2fe22ce2 by Salvatore Bonaccorso at 2025-08-31T13:58:10+02:00
Process some NFUs
- - - - -
a16aff26 by Salvatore Bonaccorso at 2025-08-31T13:58:47+02:00
Add CVE-2025-9688/mupen64plus-core
- - - - -
b8da3c77 by Moritz Muehlenhoff at 2025-08-31T15:37:46+02:00
older podofo issues fixed in sid
- - - - -
471d256d by Salvatore Bonaccorso at 2025-08-31T16:54:46+02:00
Add ancient CVE-2005-10004/cacti
Unfortunately very light on details on the upstream fix, but addressed
in 0.8.6d upstream, so track with the first version which entered
unstable.
- - - - -
f832485c by Salvatore Bonaccorso at 2025-08-31T17:01:09+02:00
Add upstream tag references for podofo upstream commits
- - - - -
549b43c3 by Bastien Roucariès at 2025-08-31T19:24:06+02:00
biosig/bullseye
Follow bookworm
- - - - -
92ff1978 by Bastien Roucariès at 2025-08-31T19:26:19+02:00
dla-needed: tika
Add to dla-needed
- - - - -
59d8c92c by Bastien Roucariès at 2025-08-31T19:29:12+02:00
dla-needed add log4cxx
- - - - -
c38ddbcb by Daniel Leidert at 2025-08-31T19:37:37+02:00
Reserve DLA-4286-1 for libcommons-lang3-java
- - - - -
72653acd by Daniel Leidert at 2025-08-31T20:09:10+02:00
LTS: claim python-eventlet in dla-needed.txt
- - - - -
c40f2362 by Daniel Leidert at 2025-08-31T20:10:24+02:00
LTS: claim python-h2 in dla-needed.txt
- - - - -
bd1510b4 by Daniel Leidert at 2025-08-31T20:11:27+02:00
add note for u-boot
- - - - -
9db78460 by Moritz Muehlenhoff at 2025-08-31T20:35:49+02:00
poppler spu
- - - - -
a0896178 by Salvatore Bonaccorso at 2025-08-31T20:39:22+02:00
Track proposed update for poppler via trixie-pu
Technically 25.03.0-5+deb13u1 is the one initially containing the change
but got immediately superseded by 25.03.0-5+deb13u2 not including an
Ubuntu specific change. Additionally it did not build on top of
25.03.0-5+deb13u1 including the changelog.
So consider just 25.03.0-5+deb13u2 as the one entering the archive and
containing the desired CVE fix.
- - - - -
56332112 by Salvatore Bonaccorso at 2025-08-31T20:41:16+02:00
Track proposed update for libcommons-lang-java via {bookworm,trixie}-pu
- - - - -
f9f0f6c9 by Salvatore Bonaccorso at 2025-08-31T20:44:12+02:00
Track fixed version for CVE-2025-48924/libcommons-lang-java via unstable
- - - - -
bfa256cf by security tracker role at 2025-08-31T20:13:00+00:00
automatic update
- - - - -
73f123eb by security tracker role at 2025-08-31T20:14:41+00:00
automatic NOT-FOR-US entries update
- - - - -
b20dfca8 by Paride Legovini at 2025-08-31T22:25:16+02:00
dla/libsndfile: update notes
- - - - -
f0e87b30 by Paride Legovini at 2025-08-31T22:42:26+02:00
lts: CVE-2022-33065/libsndfile/bullseye: no-dsa -> postponed
Given that there is a WIP fix, use a more appropriate status.
- - - - -
b39c75d1 by Moritz Muehlenhoff at 2025-08-31T22:50:06+02:00
NFUs
- - - - -
6c26dbca by Paride Legovini at 2025-08-31T22:53:15+02:00
dla-needed: add note on investigation done on wolfssl
- - - - -
8e5d5d7f by Paride Legovini at 2025-08-31T23:56:12+02:00
Reserve DLA-4287-1 for libsndfile
- - - - -
13f3d540 by Carlos Henrique Lima Melara at 2025-08-31T21:48:30-03:00
Reserve DLA-4079-2 for openvpn
- - - - -
254abb08 by Salvatore Bonaccorso at 2025-09-01T05:41:54+02:00
Track fixed version for CVE-2025-48924/libcommons-lang3-java via unstable
- - - - -
abde7592 by Salvatore Bonaccorso at 2025-09-01T05:44:20+02:00
Track fixed version for CVE-2025-58068/python-eventlet via unstable
- - - - -
f806be0e by security tracker role at 2025-09-01T08:11:58+00:00
automatic update
- - - - -
7363f6fe by security tracker role at 2025-09-01T08:12:47+00:00
automatic NOT-FOR-US entries update
- - - - -
a026ce93 by Andreas Henriksson at 2025-09-01T10:18:33+02:00
LTS: claim civetweb in dla-needed.txt
- - - - -
976f8619 by Adrian Bunk at 2025-09-01T11:48:42+03:00
Reserve DLA-4288-1 for ruby-saml
- - - - -
dd0d3636 by Moritz Muehlenhoff at 2025-09-01T11:42:19+02:00
new dcmtk issue
- - - - -
d3e343d6 by Moritz Muehlenhoff at 2025-09-01T11:44:13+02:00
NFUs
- - - - -
584c4056 by Roberto C. Sánchez at 2025-09-01T10:02:30-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
c137a717 by Moritz Muehlenhoff at 2025-09-01T17:24:48+02:00
bookworm/trixie triage
- - - - -
62289304 by Moritz Muehlenhoff at 2025-09-01T17:32:27+02:00
golang-github-ulikunitz-xz fixed in sid
- - - - -
e56dc27d by Salvatore Bonaccorso at 2025-09-01T17:55:53+02:00
Reference full commit id for CVE-2025-9732 fix
- - - - -
f17e5ee9 by Daniel Leidert at 2025-09-01T18:23:49+02:00
Add patch link for CVE-2025-9689/mupen64plus-core
- - - - -
8448be98 by Salvatore Bonaccorso at 2025-09-01T20:07:29+02:00
CVE-2025-9688: Reference upstream commit
- - - - -
811ed260 by Salvatore Bonaccorso at 2025-09-01T21:11:01+02:00
Clarify waiting status for cpp-httplib
- - - - -
e7510105 by Salvatore Bonaccorso at 2025-09-01T21:24:13+02:00
Shuffle packages not candidates for 13.1 to end of list
- - - - -
e656ed8a by Salvatore Bonaccorso at 2025-09-01T21:29:46+02:00
Move python-django to end of list, will be skipped again for 12.12
- - - - -
03fe2c44 by Salvatore Bonaccorso at 2025-09-01T21:40:35+02:00
Drop libxml2 entries, they got implicitly already included with last DSA
Add as well the explicit tracking for the bookworm entries. Choose the
+deb12u3 version as this got accepted into the archive implicitly, both
via acceptance for 12.12 but then superseded by the +deb12u4 upload.
- - - - -
0aa0fee9 by Salvatore Bonaccorso at 2025-09-01T21:46:09+02:00
Move proposed updates not candidate for 12.12 down the list
- - - - -
790e8690 by security tracker role at 2025-09-01T20:12:07+00:00
automatic update
- - - - -
fb15c72c by security tracker role at 2025-09-01T20:13:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1a50421e by Moritz Muehlenhoff at 2025-09-01T22:38:13+02:00
NFUs
- - - - -
62f8a5f4 by Moritz Muehlenhoff at 2025-09-01T22:39:16+02:00
new xmltodict issue
- - - - -
08392587 by Moritz Muehlenhoff at 2025-09-01T22:41:28+02:00
new retroarch issue
- - - - -
86835dc6 by Moritz Muehlenhoff at 2025-09-02T09:02:23+02:00
first batch of tensorflow updates
- - - - -
9ab1f257 by Moritz Muehlenhoff at 2025-09-02T09:14:48+02:00
more tensorflow updates
- - - - -
7f93e584 by Moritz Muehlenhoff at 2025-09-02T09:35:57+02:00
tensorflow updates
- - - - -
715e97a4 by Moritz Muehlenhoff at 2025-09-02T09:46:28+02:00
edk2 fixed in sid
- - - - -
244f683e by Moritz Muehlenhoff at 2025-09-02T09:56:11+02:00
tensorflow updates
- - - - -
c62dc231 by security tracker role at 2025-09-02T08:12:03+00:00
automatic update
- - - - -
bc7fa71f by security tracker role at 2025-09-02T08:13:07+00:00
automatic NOT-FOR-US entries update
- - - - -
e5d76183 by Moritz Muehlenhoff at 2025-09-02T12:31:03+02:00
tensorflow updates
- - - - -
17b99858 by Moritz Muehlenhoff at 2025-09-02T12:39:30+02:00
more tensorflow updates
- - - - -
d9922835 by Abhijith PA at 2025-09-02T17:52:04+05:30
reclaim nextcloud-desktop in dla-needed.txt
- - - - -
75e45cb1 by Moritz Muehlenhoff at 2025-09-02T15:09:19+02:00
more tensorflow updates
- - - - -
618c9803 by Moritz Muehlenhoff at 2025-09-02T15:16:37+02:00
tensorflow updates
- - - - -
0570a457 by Moritz Muehlenhoff at 2025-09-02T16:02:51+02:00
tensorflow updates
- - - - -
5be00601 by Jochen Sprickerhof at 2025-09-02T16:36:46+02:00
Reserve DLA-4289-1 for python-eventlet
- - - - -
8730bd75 by Moritz Muehlenhoff at 2025-09-02T16:59:49+02:00
tensorflow updates
- - - - -
674a900a by Moritz Muehlenhoff at 2025-09-02T17:09:32+02:00
add reference for rust-tracing-subscriber
- - - - -
2f0b2a51 by Daniel Leidert at 2025-09-02T17:10:03+02:00
Patch for CVE-2025-57804/python-h2 is a two-parter
- - - - -
582d6ef3 by Moritz Mühlenhoff at 2025-09-02T17:32:04+02:00
python-eventlet spu
- - - - -
c9a09e05 by Chris Lamb at 2025-09-02T10:40:40-07:00
data/dla-needed.txt: Claim python-future.
- - - - -
5d34a356 by Andreas Henriksson at 2025-09-02T19:54:38+02:00
dla-needed: notes for civetweb
- - - - -
c09228f8 by security tracker role at 2025-09-02T20:12:45+00:00
automatic update
- - - - -
cbc1147f by security tracker role at 2025-09-02T20:13:42+00:00
automatic NOT-FOR-US entries update
- - - - -
fc53d26a by Daniel Leidert at 2025-09-02T23:54:36+02:00
Reserve DLA-4290-1 for python-h2
- - - - -
ab64afed by Adrian Bunk at 2025-09-03T02:43:00+03:00
dla: take jetty9
- - - - -
38055dc3 by Salvatore Bonaccorso at 2025-09-03T08:24:56+02:00
Reference upstream issue for CVE-2025-9375
- - - - -
8733aa39 by Salvatore Bonaccorso at 2025-09-03T08:33:21+02:00
Add Debian bug reference for CVE-2025-9375/python-xmltodict
- - - - -
1cc9e372 by Salvatore Bonaccorso at 2025-09-03T08:39:19+02:00
Process some new NFUs
- - - - -
673b5b5f by Salvatore Bonaccorso at 2025-09-03T08:55:44+02:00
Add CVE-2025-9784/undertow
- - - - -
647fc323 by Salvatore Bonaccorso at 2025-09-03T08:56:18+02:00
Process some NFUs
- - - - -
9d773863 by Salvatore Bonaccorso at 2025-09-03T09:02:44+02:00
Process some NFUs
- - - - -
bce5511d by Salvatore Bonaccorso at 2025-09-03T09:55:24+02:00
Add CVE-2025-9714/libxml2
- - - - -
d790b806 by security tracker role at 2025-09-03T08:12:17+00:00
automatic update
- - - - -
ae23e5f8 by security tracker role at 2025-09-03T08:14:04+00:00
automatic NOT-FOR-US entries update
- - - - -
3e6c5cf2 by Salvatore Bonaccorso at 2025-09-03T10:31:56+02:00
Process some NFUs
- - - - -
b173d8dc by Moritz Mühlenhoff at 2025-09-03T11:44:59+02:00
auto-nfu: Add Foxit
- - - - -
b9a83acb by Moritz Mühlenhoff at 2025-09-03T11:48:19+02:00
stardict spu
- - - - -
b01f39c0 by Utkarsh Gupta at 2025-09-03T15:23:49+05:30
Add notes for wordpress
- - - - -
03138c15 by Salvatore Bonaccorso at 2025-09-03T11:58:30+02:00
Add new wireshark issue, CVE-2025-9817
- - - - -
9028201c by Moritz Mühlenhoff at 2025-09-03T12:48:17+02:00
auto-nfu: extend Apache rule
- - - - -
f4632bc0 by Salvatore Bonaccorso at 2025-09-03T16:05:58+02:00
Track fixed version for sail issues
- - - - -
912249b9 by Salvatore Bonaccorso at 2025-09-03T16:13:04+02:00
Update linux CVEs based on updated information from kernel-sec
- - - - -
9af583e2 by Salvatore Bonaccorso at 2025-09-03T16:17:40+02:00
Reference tests for sail issues
- - - - -
451f1308 by Salvatore Bonaccorso at 2025-09-03T16:21:08+02:00
Add references for sail upstream issues
- - - - -
0bbe0efb by Salvatore Bonaccorso at 2025-09-03T17:03:55+02:00
Update status for linux CVEs from kernel-sec
- - - - -
aa816d77 by Salvatore Bonaccorso at 2025-09-03T17:08:37+02:00
Add CVE-2025-38678/linux
- - - - -
33f15b73 by Salvatore Bonaccorso at 2025-09-03T17:47:16+02:00
Update status for some CVEs from kernel-sec
- - - - -
11aee09e by Salvatore Bonaccorso at 2025-09-03T17:55:28+02:00
Add new batch of chromium issues
- - - - -
a6857df3 by Salvatore Bonaccorso at 2025-09-03T17:56:07+02:00
Add chromium to dsa-needed list
- - - - -
07c73f73 by Salvatore Bonaccorso at 2025-09-03T20:42:35+02:00
Add CVE-2025-57833/python-django
- - - - -
71beb14d by Salvatore Bonaccorso at 2025-09-03T20:48:09+02:00
Track fixed version for python-django issue fixed via unstable
- - - - -
003c0ca3 by Adrian Bunk at 2025-09-03T22:26:25+03:00
Reserve DLA-4291-1 for node-cipher-base
- - - - -
26e919c5 by Salvatore Bonaccorso at 2025-09-03T21:34:00+02:00
Process some NFUs
- - - - -
9aff4b2a by Salvatore Bonaccorso at 2025-09-03T21:34:00+02:00
Add CVE-2025-54588/envoyproxy
- - - - -
27dd3e61 by security tracker role at 2025-09-03T20:13:01+00:00
automatic update
- - - - -
be061831 by security tracker role at 2025-09-03T20:14:39+00:00
automatic NOT-FOR-US entries update
- - - - -
0843a666 by Salvatore Bonaccorso at 2025-09-03T22:25:10+02:00
Process some NFUs
- - - - -
29b2465e by Salvatore Bonaccorso at 2025-09-03T22:25:41+02:00
Add CVE-2025-9901/libsoup
- - - - -
d6183af8 by Salvatore Bonaccorso at 2025-09-03T22:26:10+02:00
Add CVE-2025-57052/cjson
- - - - -
e1f1e6dd by Salvatore Bonaccorso at 2025-09-03T22:26:38+02:00
Add CVE-2025-55162/envoyproxy, itp'ed
- - - - -
199e7b0e by Salvatore Bonaccorso at 2025-09-04T09:46:31+02:00
Mark CVE-2025-46810 as NFU
- - - - -
99c8ed15 by security tracker role at 2025-09-04T08:12:32+00:00
automatic update
- - - - -
8e828413 by security tracker role at 2025-09-04T08:13:26+00:00
automatic NOT-FOR-US entries update
- - - - -
35c508a5 by Salvatore Bonaccorso at 2025-09-04T10:28:28+02:00
Remove notes from CVE which got rejected by the CNA
No reason specified, but it does not matter for us in this case anyway.
- - - - -
9e6a2456 by Salvatore Bonaccorso at 2025-09-04T10:54:59+02:00
Process some NFUs
- - - - -
0998ca9e by Salvatore Bonaccorso at 2025-09-04T11:17:03+02:00
Track fixes for chromium via unstable
- - - - -
03b5cb82 by Lucas Kanashiro at 2025-09-04T09:22:08-03:00
Reserve DLA-4292-1 for clamav
- - - - -
4a96f0f3 by Moritz Mühlenhoff at 2025-09-04T14:23:54+02:00
sail spu
- - - - -
acaab552 by Moritz Muehlenhoff at 2025-09-04T17:21:56+02:00
phpmyadmin fixed in sid
- - - - -
637fa10e by Salvatore Bonaccorso at 2025-09-04T21:49:10+02:00
Merge Linux CVEs from kernel-sec
- - - - -
3541afce by security tracker role at 2025-09-04T20:12:48+00:00
automatic update
- - - - -
fe0fd6da by security tracker role at 2025-09-04T20:14:22+00:00
automatic NOT-FOR-US entries update
- - - - -
04517a56 by Salvatore Bonaccorso at 2025-09-04T22:29:06+02:00
Add CVE-2025-9636/pgadmin4
- - - - -
0a3802d7 by Salvatore Bonaccorso at 2025-09-04T22:36:23+02:00
Process some NFUs
- - - - -
ce76c976 by Salvatore Bonaccorso at 2025-09-04T22:48:26+02:00
Add two new netty issues
- - - - -
493ca5c9 by Moritz Muehlenhoff at 2025-09-04T23:03:28+02:00
bookworm/trixie triage
- - - - -
04c51ef7 by Salvatore Bonaccorso at 2025-09-04T23:15:11+02:00
Track proposed update for phpmyadmin via trixie-pu
- - - - -
253ef968 by Moritz Muehlenhoff at 2025-09-04T23:42:43+02:00
auto-nfu: Add Android
Historically a lot of Linux issues were assigned via Android, but these
days they are exclusively assigned by the Linux kernel CNA.
- - - - -
0207c2bd by Salvatore Bonaccorso at 2025-09-05T06:28:56+02:00
Track two CVEs as fixed for recent linux upload to unstable
- - - - -
316409c3 by Salvatore Bonaccorso at 2025-09-05T06:42:02+02:00
Add Debian bug reference for libsoup issue
- - - - -
c5acb472 by Salvatore Bonaccorso at 2025-09-05T06:42:30+02:00
Add Debian bug reference for CVE-2025-9732/dcmtk
- - - - -
509dc918 by Salvatore Bonaccorso at 2025-09-05T06:43:21+02:00
Add Debian bug reference for two netty issues
- - - - -
9067ed63 by Salvatore Bonaccorso at 2025-09-05T09:01:15+02:00
Add required followup commit for CVE-2025-9732/dcmtk
- - - - -
0a7812c3 by security tracker role at 2025-09-05T08:12:44+00:00
automatic update
- - - - -
0f97a3c3 by security tracker role at 2025-09-05T08:13:35+00:00
automatic NOT-FOR-US entries update
- - - - -
03291532 by Moritz Muehlenhoff at 2025-09-05T10:15:31+02:00
NFUs
- - - - -
0ddb3c8b by Salvatore Bonaccorso at 2025-09-05T10:45:10+02:00
Remove notes on now rejected Linux CVE
- - - - -
b1645334 by Salvatore Bonaccorso at 2025-09-05T13:43:12+02:00
Add reference for CVE-2025-9714
- - - - -
3e77d3c3 by Salvatore Bonaccorso at 2025-09-05T20:54:29+02:00
Track fixed version via unstable for CVE-2025-9019/tcpreplay
- - - - -
3d8bd1cb by Salvatore Bonaccorso at 2025-09-05T21:02:27+02:00
Add Linux CVEs from kernel-sec
- - - - -
d233e2c6 by Salvatore Bonaccorso at 2025-09-05T21:12:07+02:00
Track more fixed version for tcpreplay issues
- - - - -
736e028d by Salvatore Bonaccorso at 2025-09-05T21:16:07+02:00
Merge Linux CVEs from kernel-sec
- - - - -
24584d7a by Salvatore Bonaccorso at 2025-09-05T21:23:31+02:00
Mark CVE-2025-9714 as no-dsa
- - - - -
fd720277 by Andres Salomon at 2025-09-05T16:08:47-04:00
chromium dsa
- - - - -
b24e4db3 by security tracker role at 2025-09-05T20:12:46+00:00
automatic update
- - - - -
a942c003 by security tracker role at 2025-09-05T20:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
beb91c59 by Salvatore Bonaccorso at 2025-09-05T22:15:47+02:00
Remove notes from two rejected Linux CVEs
- - - - -
335af0d5 by Salvatore Bonaccorso at 2025-09-05T22:30:40+02:00
Process some NFUs
- - - - -
1cf5a6b4 by Salvatore Bonaccorso at 2025-09-05T22:38:42+02:00
Add CVE-2025-9566/podman
- - - - -
97d70cf7 by Moritz Muehlenhoff at 2025-09-05T22:45:53+02:00
potential new libxml issue
- - - - -
d535999c by Bastien Roucariès at 2025-09-05T23:17:47+02:00
Take imagemagick/dla-needed
- - - - -
c458c70a by Salvatore Bonaccorso at 2025-09-06T00:00:50+02:00
Fix small typo in temporary NOTE
- - - - -
c4475704 by Markus Koschany at 2025-09-06T08:23:10+02:00
Add python-django to dla-needed.txt
Chris Lamb is the maintainer.
- - - - -
0379602c by Markus Koschany at 2025-09-06T08:31:15+02:00
Add varnish to dla-needed.txt
- - - - -
85d7b309 by Markus Koschany at 2025-09-06T08:37:34+02:00
CVE-2025-9732,dcmtk: bullseye is postponed
Minor issue
- - - - -
553db5a8 by Salvatore Bonaccorso at 2025-09-06T08:52:37+02:00
Add CVE-2025-7709/sqlite3
- - - - -
29621139 by Salvatore Bonaccorso at 2025-09-06T09:11:20+02:00
Add CVE-2025-57807/imagemagick
- - - - -
d79bdfb7 by Salvatore Bonaccorso at 2025-09-06T09:23:45+02:00
Process some NFUs
- - - - -
db2a812f by Salvatore Bonaccorso at 2025-09-06T09:24:22+02:00
Add two new keycloak issues
- - - - -
50183133 by Salvatore Bonaccorso at 2025-09-06T09:24:58+02:00
Add CVE-2025-58352/weblate
- - - - -
4ba90315 by Salvatore Bonaccorso at 2025-09-06T09:25:28+02:00
Add CVE-2025-55305/electron
- - - - -
3bcaceea by security tracker role at 2025-09-06T08:12:15+00:00
automatic update
- - - - -
e9a795cc by security tracker role at 2025-09-06T08:13:11+00:00
automatic NOT-FOR-US entries update
- - - - -
c0d1bcdd by Salvatore Bonaccorso at 2025-09-06T10:45:48+02:00
Update status for CVE-2025-57807/imagemagick
- - - - -
8495b585 by Salvatore Bonaccorso at 2025-09-06T10:52:31+02:00
Process some NFUs
- - - - -
0c8dd6ff by Salvatore Bonaccorso at 2025-09-06T11:27:25+02:00
Merge changes for updates with CVEs via trixie 13.1
- - - - -
3c10a51f by Salvatore Bonaccorso at 2025-09-06T11:56:36+02:00
Merge changes for updates with CVEs via bookworm 12.12
- - - - -
20fd0ded by Salvatore Bonaccorso at 2025-09-06T12:13:55+02:00
Merge branch 'trixie-13.1' into 'master'
Merge changes accepted for trixie 13.1 release
See merge request security-tracker-team/security-tracker!243
- - - - -
b8609ddd by Salvatore Bonaccorso at 2025-09-06T12:16:06+02:00
Merge branch 'bookworm-12.12' into 'master'
Merge changes accepted for bookworm 12.12 release
See merge request security-tracker-team/security-tracker!244
- - - - -
399b06c1 by Salvatore Bonaccorso at 2025-09-06T12:38:29+02:00
Add temporary entry for shibboleth-sp issue
- - - - -
4bfe5dfe by Salvatore Bonaccorso at 2025-09-06T12:39:52+02:00
Add reference for advisory for shibboleth-sp issue
- - - - -
e6447c83 by Tobias Frost at 2025-09-06T14:23:36+02:00
LTS: claim amd64-microcode in dla-needed.txt
- - - - -
7aad3a33 by Tobias Frost at 2025-09-06T15:24:23+02:00
LTS amd654-firmware, reached out to maintainer.
- - - - -
c4d42378 by Salvatore Bonaccorso at 2025-09-06T16:08:38+02:00
CVE-2025-26434: Record contact with Android CNA
- - - - -
a60eabf1 by Salvatore Bonaccorso at 2025-09-06T16:17:42+02:00
Add Debian bug reference for CVE-2025-57807/imagemagick
- - - - -
629e1430 by Salvatore Bonaccorso at 2025-09-06T17:52:15+02:00
Add shibboleth-sp to dsa-needed list
- - - - -
2e862c0c by Salvatore Bonaccorso at 2025-09-06T21:20:26+02:00
Mark CVE-2024-21977 as NFU
Mark this one as NFU for AMD as there seem to be no specific changes
applicable via amd64-microcode to track. Might be reverted later.
- - - - -
73a86d02 by Salvatore Bonaccorso at 2025-09-06T21:23:54+02:00
Process two NFUs
- - - - -
1580df00 by Salvatore Bonaccorso at 2025-09-06T21:26:51+02:00
Add Debian bug reference for CVE-2025-9566/podman
- - - - -
3452edcc by Salvatore Bonaccorso at 2025-09-06T21:28:44+02:00
Process some NFUs
- - - - -
ddfea296 by Salvatore Bonaccorso at 2025-09-06T21:29:27+02:00
Add new mongodb issues
- - - - -
6e114ac9 by security tracker role at 2025-09-06T20:12:59+00:00
automatic update
- - - - -
99e044de by security tracker role at 2025-09-06T20:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
a5491401 by Salvatore Bonaccorso at 2025-09-06T22:50:37+02:00
Track fixed version for shibboleth-sp issue
- - - - -
b878f2b1 by Salvatore Bonaccorso at 2025-09-06T22:57:12+02:00
Process NFUs
- - - - -
8b193f8d by Salvatore Bonaccorso at 2025-09-06T22:57:37+02:00
Add CVE-2025-58438/python-internetarchive
- - - - -
c6c3837e by Ben Hutchings at 2025-09-06T23:05:08+02:00
Reserve DLA-4293-1 for wireless-regdb
- - - - -
c8cfac59 by Salvatore Bonaccorso at 2025-09-07T06:55:34+02:00
Track fixed version for some imagemagick issues
- - - - -
d20ffb52 by Salvatore Bonaccorso at 2025-09-07T06:58:47+02:00
Add upstream tag information for imagemagick issues
- - - - -
b35dc006 by Salvatore Bonaccorso at 2025-09-07T08:51:10+02:00
Track fixed version via unstable for CVE-2025-5115/jetty9
- - - - -
9cb5400f by Salvatore Bonaccorso at 2025-09-07T08:53:01+02:00
Track fixed version via unstable for CVE-2025-5115/jetty12
- - - - -
8d25a8f9 by security tracker role at 2025-09-07T08:12:02+00:00
automatic update
- - - - -
836f8c1e by security tracker role at 2025-09-07T08:12:49+00:00
automatic NOT-FOR-US entries update
- - - - -
b7651f16 by Bastien Roucariès at 2025-09-07T13:20:56+02:00
CVE-2025-55212/imagemagick
Improve CVE fixed by and fix order of patch
- - - - -
591778a3 by Bastien Roucariès at 2025-09-07T13:26:28+02:00
CVE-2025-55298/imagemagick
Fix order of patch
- - - - -
1a08d713 by Adrian Bunk at 2025-09-07T15:19:47+03:00
Reserve DLA-4294-1 for modsecurity-apache
- - - - -
43442290 by Salvatore Bonaccorso at 2025-09-07T15:29:49+02:00
Add note that maintainer proposed to prepare updates for imagemagick
- - - - -
1ef304ac by Salvatore Bonaccorso at 2025-09-07T15:49:07+02:00
Process NFUs
- - - - -
37a0bb92 by Salvatore Bonaccorso at 2025-09-07T15:55:51+02:00
Unify sorting of two commits for imagemagick
- - - - -
9f742cd1 by Salvatore Bonaccorso at 2025-09-07T16:08:29+02:00
Reserve DSA number for shibboleth-sp update
- - - - -
02760ad8 by Salvatore Bonaccorso at 2025-09-07T16:53:22+02:00
Add reference to github mirror for sqlite commit for CVE-2025-7709
- - - - -
7d3df392 by Salvatore Bonaccorso at 2025-09-07T17:14:20+02:00
Add Debian bug reference for CVE-2025-7709/sqlite3
- - - - -
0c23be65 by Salvatore Bonaccorso at 2025-09-07T17:17:29+02:00
Track fixed version via unstable for CVE-2019-19191
- - - - -
41761e3e by Salvatore Bonaccorso at 2025-09-07T20:38:03+02:00
Add Debian bug reference for python-internetarchive issue
- - - - -
5148bd5d by Moritz Muehlenhoff at 2025-09-07T20:48:26+02:00
auto-nfu: Update Apache rule
- - - - -
780d8dfd by Salvatore Bonaccorso at 2025-09-07T20:55:38+02:00
Merge Linux CVE changes from kernel-sec
- - - - -
c1695e97 by Bastien Roucariès at 2025-09-07T21:22:36+02:00
CVE-2025-55212/imagemagick
Add more detail about order of patches
- - - - -
9126988e by security tracker role at 2025-09-07T20:12:10+00:00
automatic update
- - - - -
bea20aa2 by Salvatore Bonaccorso at 2025-09-07T22:15:35+02:00
Add CVE-2025-48042 as NFU
- - - - -
8dccf3fd by Markus Koschany at 2025-09-07T23:55:37+02:00
Add libxml2 to dla-needed.txt
- - - - -
f89a9f03 by Markus Koschany at 2025-09-07T23:57:07+02:00
CVE-2025-7709,sqlite3: bullseye is not affected
The vulnerable code was introduced in version 3.45 starting with commit
https://github.com/sqlite/sqlite/commit/d1fbaa071bac376206cc009ecdce95b13e131b62
A double check for bookworm and other versions is appreciated as usual.
- - - - -
ec791629 by Markus Koschany at 2025-09-07T23:57:42+02:00
Add shibboleth-sp to dla-needed.txt
- - - - -
0176e579 by Markus Koschany at 2025-09-07T23:57:44+02:00
CVE-2024-8244,golang-1.15: bullseye is postponed
Minor issue
- - - - -
8dde8212 by Markus Koschany at 2025-09-07T23:57:45+02:00
CVE-2025-8556,golang-github-cloudflare-circl: bullseye is postponed
Minor issue
- - - - -
c243eeef by Markus Koschany at 2025-09-07T23:57:47+02:00
CVE-2025-8959,golang-github-hashicorp-go-getter: bullseye is postponed
Minor issue
- - - - -
08ef392f by Markus Koschany at 2025-09-07T23:57:48+02:00
CVE-2025-58058,golang-github-ulikunitz-xz: bullseye is postponed
Minor issue
- - - - -
c6e21563 by Guilhem Moulin at 2025-09-08T00:22:23+02:00
LTS: claim libxml2 in dla-needed.txt
- - - - -
37b783b1 by Markus Koschany at 2025-09-08T01:30:48+02:00
Add nova and watcher to dla-needed.txt
Apparently only admins are able to create the described flaw in nova and
watcher (OpenStack) which may not justify a new security update. On the other
hand we have postponed nova issues before and could use the opportunity to fix
those as well now.
- - - - -
08203c30 by Markus Koschany at 2025-09-08T01:30:48+02:00
Add nvidia-graphics-drivers-legacy-390xx to dla-needed.txt
- - - - -
d2e2b5ed by Salvatore Bonaccorso at 2025-09-08T10:06:31+02:00
Correct status for CVE-2025-9810 and associate with linenoise
- - - - -
27fe4eb6 by security tracker role at 2025-09-08T08:12:57+00:00
automatic update
- - - - -
023fc695 by security tracker role at 2025-09-08T08:14:17+00:00
automatic NOT-FOR-US entries update
- - - - -
c8b101e0 by Salvatore Bonaccorso at 2025-09-08T10:46:45+02:00
Process some NFUs
- - - - -
837effad by Moritz Muehlenhoff at 2025-09-08T11:51:08+02:00
new lrzip non issue
- - - - -
651c5e5d by Moritz Muehlenhoff at 2025-09-08T14:41:48+02:00
bookworm/trixie triage
- - - - -
5d585e1a by Adrian Bunk at 2025-09-08T16:17:04+03:00
Reserve DLA-4295-1 for libhtp
- - - - -
ab4840d3 by Adrian Bunk at 2025-09-08T16:20:13+03:00
CVE-2025-53537/libhtp does not affect bookworm or bullseye
- - - - -
06428db6 by Roberto C. Sánchez at 2025-09-08T09:21:32-04:00
semi-automatic unclaim after 2 weeks of inactivity
Signed-off-by: Roberto C. Sánchez <roberto at debian.org>
- - - - -
6d892292 by Moritz Muehlenhoff at 2025-09-08T15:34:11+02:00
new jackrabbit issue
- - - - -
54725c1f by Salvatore Bonaccorso at 2025-09-08T17:18:42+02:00
Add CVE-2025-40930 as NFU
- - - - -
f023a00d by Salvatore Bonaccorso at 2025-09-08T17:20:26+02:00
Add CVE-2025-40929/libcpanel-json-xs-perl
- - - - -
fffadc38 by Salvatore Bonaccorso at 2025-09-08T17:22:55+02:00
Add CVE-2025-40928/libjson-xs-perl
- - - - -
b7bda88d by Salvatore Bonaccorso at 2025-09-08T17:48:26+02:00
Mark JSON::XS related CVEs as no-dsa
- - - - -
f7c6b96f by Thorsten Alteholz at 2025-09-08T18:43:49+02:00
Reserve DLA-4168-2 for openafs
- - - - -
8634a5be by Salvatore Bonaccorso at 2025-09-08T18:46:17+02:00
Track fixed version via unstable for CVE-2025-40928/libjson-xs-perl
- - - - -
1f63938d by Salvatore Bonaccorso at 2025-09-08T19:04:55+02:00
Update status for some Linux CVEs
- - - - -
5509d7ad by Salvatore Bonaccorso at 2025-09-08T19:10:22+02:00
Update status for CVE-2022-48982
- - - - -
c3dc5497 by Salvatore Bonaccorso at 2025-09-08T19:15:50+02:00
Add libjson-xs-perl and libcpanel-json-xs-perl to dsa-needed list
Revert "Mark JSON::XS related CVEs as no-dsa"
This reverts commit b7bda88d42cf79f80bc9f5fe6e0ab851a2d6d30b.
Add then to dsa-needed list. The modules are widely used enough in
various web frameworks to handle JSON input.
- - - - -
778fddd0 by Salvatore Bonaccorso at 2025-09-08T20:31:16+02:00
Mark mydumper as removed from unstable
- - - - -
e2a6b67d by Salvatore Bonaccorso at 2025-09-08T20:44:56+02:00
Partially revert changes for CVE-2025-53537
Upstream advisory says that versions before 0.5.50 are affected. Trying
to get a definitive answer from upstream first.
- - - - -
178a8a03 by Salvatore Bonaccorso at 2025-09-08T20:50:39+02:00
Add upstream ticket reference for CVE-2025-53537
- - - - -
fefd4e20 by Tobias Frost at 2025-09-08T20:59:54+02:00
Add note on amd64-microcode
- - - - -
af165521 by Moritz Mühlenhoff at 2025-09-08T22:00:14+02:00
libhtp spu/ospu
- - - - -
a4ea4ff3 by security tracker role at 2025-09-08T20:12:07+00:00
automatic update
- - - - -
d05363e4 by security tracker role at 2025-09-08T20:13:00+00:00
automatic NOT-FOR-US entries update
- - - - -
2e2c6ec3 by Salvatore Bonaccorso at 2025-09-08T22:17:48+02:00
Process some NFUs
- - - - -
9f300f91 by Salvatore Bonaccorso at 2025-09-08T22:26:36+02:00
Process some NFUs
- - - - -
f44d06c7 by Salvatore Bonaccorso at 2025-09-08T23:15:35+02:00
Revert "Partially revert changes for CVE-2025-53537"
This reverts commit e2a6b67dde447b615a984bc93d6fb8cfb366b293.
Upstream confirmed they consider the oss-fuzz provided range as where
the issue was introduced. Which points to
https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c
as introductory commit.
- - - - -
77d97a70 by Santiago Ruano Rincón at 2025-09-08T22:29:55-03:00
Reserve DLA-4296-1 for qemu
- - - - -
656c517a by Salvatore Bonaccorso at 2025-09-09T05:36:05+02:00
Track fixed version for CVE-2025-40929/libcpanel-json-xs-perl
- - - - -
24403f5d by Salvatore Bonaccorso at 2025-09-09T07:30:09+02:00
Track fixed version for CVE-2025-30224/mydumper
The mydumper package was shortly removed from unstable, but now
re-introduced and including the fix for CVE-2025-30224.
- - - - -
3f2a2e25 by Salvatore Bonaccorso at 2025-09-09T07:57:03+02:00
Update status for CVE-2025-26434/libxml2
- - - - -
9ebbcc54 by Moritz Muehlenhoff at 2025-09-09T08:57:34+02:00
NFUs
The old 2011 issue is unlikely to affect mplayer in Debian since it
doesn't bundle ffmpeg, but uses the system copy (plus 14 years have
passed anyway)
- - - - -
9e9024b7 by Moritz Muehlenhoff at 2025-09-09T09:01:18+02:00
NFUs
- - - - -
7912a13e by Moritz Muehlenhoff at 2025-09-09T09:03:10+02:00
add reference for libxml2
- - - - -
ffbd4263 by Moritz Muehlenhoff at 2025-09-09T09:18:47+02:00
NFUs
- - - - -
c8f76fde by Moritz Muehlenhoff at 2025-09-09T09:26:32+02:00
"new" node-sanitize-html issues
- - - - -
ed5b06ba by security tracker role at 2025-09-09T08:12:05+00:00
automatic update
- - - - -
7a18de95 by security tracker role at 2025-09-09T08:12:57+00:00
automatic NOT-FOR-US entries update
- - - - -
cb8a0870 by Moritz Muehlenhoff at 2025-09-09T10:32:18+02:00
NFUs
- - - - -
7701cfd1 by Moritz Muehlenhoff at 2025-09-09T13:06:01+02:00
NFUs
- - - - -
f5120698 by Moritz Muehlenhoff at 2025-09-09T13:24:28+02:00
mark two older Envoy issues as NFU
These are security issues in the way OpenShift uses Envoy, not in Envoy itself
- - - - -
56badac2 by Salvatore Bonaccorso at 2025-09-09T14:52:08+02:00
Add additional reference for CVE-2025-6965
- - - - -
fcd1bdea by Salvatore Bonaccorso at 2025-09-09T14:56:02+02:00
Add new CVEs for XSA-472
- - - - -
bd80129c by Salvatore Bonaccorso at 2025-09-09T14:57:53+02:00
Add new CVEs for XSA-473
- - - - -
05b2141b by Salvatore Bonaccorso at 2025-09-09T15:00:02+02:00
Add CVE-2025-58146/xen-api
- - - - -
8ecb31c2 by Salvatore Bonaccorso at 2025-09-09T16:19:02+02:00
Add Debian bug reference for CVE-2025-57052
- - - - -
e6a1612b by Salvatore Bonaccorso at 2025-09-09T16:21:22+02:00
Track fixed version for qemu issue in bullseye
- - - - -
578eceb6 by "Lee Garrett" at 2025-09-09T16:31:24+02:00
LTS: claim git in dla-needed.txt
- - - - -
3d281db1 by Salvatore Bonaccorso at 2025-09-09T20:57:13+02:00
Update status for CVE-2025-26434
- - - - -
0b64aa06 by Moritz Muehlenhoff at 2025-09-09T20:59:47+02:00
sqlite3 fixed in sid
- - - - -
8a238fae by Moritz Muehlenhoff at 2025-09-09T21:00:24+02:00
py-internetarchive fixed in sid
- - - - -
1a46f4c1 by Salvatore Bonaccorso at 2025-09-09T21:05:42+02:00
Update versions referenced for node-sanitize-html commits
Back then the code apparently did not tag the version but the followup
fix was in a 1.0.3 released version, and the first attempt in 1.0.2.
- - - - -
52a3cfad by Salvatore Bonaccorso at 2025-09-09T21:45:09+02:00
Record applied mitigations for CVE-2024-52615 and CVE-2024-52616
For CVE-2024-52615 a fix appears to exist upstream with
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942
but it has so far not been applied.
- - - - -
206707dd by security tracker role at 2025-09-09T20:12:58+00:00
automatic update
- - - - -
ca3896d5 by security tracker role at 2025-09-09T20:14:37+00:00
automatic NOT-FOR-US entries update
- - - - -
726afff5 by Salvatore Bonaccorso at 2025-09-09T22:27:22+02:00
Process some NFUs
- - - - -
2aa8d191 by Salvatore Bonaccorso at 2025-09-09T22:33:53+02:00
Add CVE-2025-9951/ffmpeg
- - - - -
a61d3916 by Salvatore Bonaccorso at 2025-09-09T22:39:12+02:00
Add CVE-2025-8277/libssh
- - - - -
23c93425 by Salvatore Bonaccorso at 2025-09-09T22:40:35+02:00
Add reference for CVE-2025-8114/libssh
- - - - -
0c7a109c by Salvatore Bonaccorso at 2025-09-09T22:42:50+02:00
Add python-internetarchive to dsa-needed list
- - - - -
6758b665 by Moritz Muehlenhoff at 2025-09-09T22:45:31+02:00
auto-nfu: add rule for typo3
Total CVEs from TYPO3: 10
Total CVEs from TYPO3 with packages assigned: 0
Scope: Vulnerabilities in TYPO3 open-source products only, including
TYPO3 CMS core and 3rd party extensions for TYPO3, unless covered by
the scope of another CNA.
- - - - -
39d164b4 by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Process some NFUs
- - - - -
cef4e3fd by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Add CVE-2025-58180/octoprint, itp'ed
- - - - -
36a985d7 by Salvatore Bonaccorso at 2025-09-09T22:49:08+02:00
Add CVE-2025-58063/coredns, itp'ed
- - - - -
558cf279 by Salvatore Bonaccorso at 2025-09-09T22:53:39+02:00
Process some NFUs
- - - - -
be79c8bd by Salvatore Bonaccorso at 2025-09-09T22:54:22+02:00
Add CVE-2025-52322/open5gs, itp'ed
- - - - -
5dde6778 by Salvatore Bonaccorso at 2025-09-09T23:01:26+02:00
Sync some Linux CVEs with kernel-sec
- - - - -
1a377add by Salvatore Bonaccorso at 2025-09-10T07:36:29+02:00
Process some NFUs
- - - - -
6c26ed63 by Salvatore Bonaccorso at 2025-09-10T07:41:03+02:00
auto-nfu: Update naming of product for Apache HertzBeat
- - - - -
2c2fc728 by Salvatore Bonaccorso at 2025-09-10T07:49:14+02:00
Process two NFUs now covered by auto-nfu rule
- - - - -
74f0989b by Salvatore Bonaccorso at 2025-09-10T07:57:53+02:00
Add CVE-2025-10148/curl
- - - - -
e5761551 by Salvatore Bonaccorso at 2025-09-10T08:04:27+02:00
Add CVE-2025-9086/curl
- - - - -
74035dfb by Guilhem Moulin at 2025-09-10T09:39:57+02:00
LTS: claim libxslt in dla-needed.txt
- - - - -
5a4579e9 by Moritz Muehlenhoff at 2025-09-10T09:45:25+02:00
update fixed version for hsqldb1.8.0
- - - - -
d02828d3 by Salvatore Bonaccorso at 2025-09-10T10:08:00+02:00
Add two new chromium issues
- - - - -
c72ce279 by Salvatore Bonaccorso at 2025-09-10T10:09:00+02:00
Track fixed version for chromium via unstable
- - - - -
baec2faf by Emilio Pozuelo Monfort at 2025-09-10T10:12:01+02:00
lts: reclaim firefox-esr
- - - - -
b3ddac5d by Salvatore Bonaccorso at 2025-09-10T10:15:28+02:00
Track fixed version for CVE-2021-27418/uclibc
- - - - -
5833904e by Emilio Pozuelo Monfort at 2025-09-10T10:16:12+02:00
Revert change to parsers.py
This partly reverts baec2fafd6ddc63d7040fc0b9801a544eef258de.
- - - - -
6e08ea4c by Salvatore Bonaccorso at 2025-09-10T10:17:41+02:00
Add chromium to dsa-needed list
- - - - -
a28dfefc by Abhijith PA at 2025-09-10T15:42:57+05:30
reclaim libphp-adodb in dla-needed.txt
- - - - -
cfee1d9f by Moritz Muehlenhoff at 2025-09-10T12:32:46+02:00
add cjson fix
- - - - -
926f46fa by Moritz Muehlenhoff at 2025-09-10T12:56:54+02:00
podman fixed in experimental
- - - - -
450052ec by Emilio Pozuelo Monfort at 2025-09-10T13:55:53+02:00
lts: add libcpanel-json-xs-perl
- - - - -
6e82eaf6 by Emilio Pozuelo Monfort at 2025-09-10T13:57:45+02:00
lts: add libjson-xs-perl
- - - - -
7951d55b by Emilio Pozuelo Monfort at 2025-09-10T14:01:13+02:00
lts: add python-internetarchive
- - - - -
f405fa9a by Moritz Muehlenhoff at 2025-09-10T15:11:54+02:00
bookworm/trixie triage
- - - - -
b93d1ee3 by Moritz Muehlenhoff at 2025-09-10T15:23:35+02:00
new gitlab issues
- - - - -
6679c970 by Moritz Muehlenhoff at 2025-09-10T15:25:10+02:00
CVE assigned for shibboleth
- - - - -
42270606 by Emilio Pozuelo Monfort at 2025-09-10T16:09:03+02:00
lts: triage curl CVEs
- - - - -
7a10d00a by Chris Lamb at 2025-09-10T08:24:55-07:00
data/dla-needed.txt: Claim python-django.
- - - - -
1e77f7fc by Salvatore Bonaccorso at 2025-09-10T17:52:54+02:00
Add CVE reference for DSA 5994-1
- - - - -
02ed25b3 by Salvatore Bonaccorso at 2025-09-10T18:20:25+02:00
Track fixed version for CVE-2025-8961/tiff via unstable
- - - - -
e0a6439c by Moritz Mühlenhoff at 2025-09-10T19:48:21+02:00
hsqldb1.8.0 DSA
- - - - -
692b85db by security tracker role at 2025-09-10T20:12:55+00:00
automatic update
- - - - -
af31bda9 by security tracker role at 2025-09-10T20:14:20+00:00
automatic NOT-FOR-US entries update
- - - - -
4903f363 by Bastien Roucariès at 2025-09-10T22:14:48+02:00
Reserve DLA-4297-1 for imagemagick
- - - - -
e27df84b by Salvatore Bonaccorso at 2025-09-10T22:24:59+02:00
Process some NFUs
- - - - -
7f2c47d3 by Salvatore Bonaccorso at 2025-09-10T22:26:48+02:00
Add CVE-2025-59045/stalwart, itp'ed
- - - - -
546e8f7d by Salvatore Bonaccorso at 2025-09-10T22:29:56+02:00
Add CVE-2025-59037/duckdb
- - - - -
b75027ec by Salvatore Bonaccorso at 2025-09-10T22:42:35+02:00
Track fixed version for CVE-2025-10148 via unstable
- - - - -
76ad5833 by Salvatore Bonaccorso at 2025-09-10T22:44:15+02:00
Add Debian bug reference for CVE-2025-8277/libssh
- - - - -
dc7a1b49 by Salvatore Bonaccorso at 2025-09-10T22:46:43+02:00
Add Debian bug reference for CVE-2025-58782/jackrabbit
- - - - -
1c94d0fb by Chris Lamb at 2025-09-10T15:30:52-07:00
Add notes about CVE-2025-50817.
- - - - -
aa7847a9 by Chris Lamb at 2025-09-10T15:31:54-07:00
dla-needed.txt: Update note for python-future.
- - - - -
e93f3620 by Andres Salomon at 2025-09-10T22:07:38-04:00
chromium dsa
- - - - -
1116f152 by Salvatore Bonaccorso at 2025-09-11T08:18:41+02:00
Process some NFUs
- - - - -
9c7e8c43 by Salvatore Bonaccorso at 2025-09-11T08:21:13+02:00
auto-nfu: Add another NVIDIA covered product
- - - - -
54fa4dc8 by Salvatore Bonaccorso at 2025-09-11T08:21:44+02:00
Process new NFUs
- - - - -
f6b8d0ba by security tracker role at 2025-09-11T08:12:07+00:00
automatic update
- - - - -
6bd30779 by security tracker role at 2025-09-11T08:13:01+00:00
automatic NOT-FOR-US entries update
- - - - -
0bffab6a by Salvatore Bonaccorso at 2025-09-11T10:54:45+02:00
Process some NFUs
- - - - -
d5061225 by Emilio Pozuelo Monfort at 2025-09-11T11:13:46+02:00
lts: CVE-2024-7883/llvm-toolchain-19 ignored
- - - - -
4bef222c by Emilio Pozuelo Monfort at 2025-09-11T11:15:33+02:00
lts: CVE-2025-9566/libpod no-dsa on bullseye
- - - - -
37b8c28d by Emilio Pozuelo Monfort at 2025-09-11T11:17:24+02:00
lts: CVE-2025-8277/libssh no-dsa on bullseye
The issue is very minor and only affects clients, not servers.
- - - - -
bb8c2929 by Moritz Muehlenhoff at 2025-09-11T12:44:52+02:00
NFUs
- - - - -
778c4b83 by Salvatore Bonaccorso at 2025-09-11T17:44:01+02:00
Add two new cups issues
- - - - -
730783ec by Salvatore Bonaccorso at 2025-09-11T17:47:14+02:00
Track fixed version for cups via unstable
- - - - -
67a6625f by Salvatore Bonaccorso at 2025-09-11T17:48:57+02:00
Track commits for cups issues
- - - - -
405b9175 by Salvatore Bonaccorso at 2025-09-11T17:50:21+02:00
Add cups to dsa-needed list
- - - - -
3a980a6b by Salvatore Bonaccorso at 2025-09-11T17:52:26+02:00
Add references to advisories for cups issues
- - - - -
cafe1472 by Salvatore Bonaccorso at 2025-09-11T18:13:49+02:00
Add CVE-2025-40300/linux
- - - - -
5d066a2f by Salvatore Bonaccorso at 2025-09-11T19:31:23+02:00
Add additional commit for CVE-2025-40300
- - - - -
b2cf2cb4 by Aron Xu at 2025-09-12T01:59:37+08:00
DSA for imagemagick
- - - - -
b4dc666c by Salvatore Bonaccorso at 2025-09-11T20:14:33+02:00
Move two CVEs out of intersected list for CVEs
As they only affect trixie, move them out of the DSA list as workaround
and only track the trixie version as fixed in the CVE list. The advisory
still references all CVEs which is fine.
- - - - -
e64fbf96 by Salvatore Bonaccorso at 2025-09-11T20:38:15+02:00
Merge Linux CVEs from kernel-sec
- - - - -
547e6520 by Salvatore Bonaccorso at 2025-09-11T20:44:40+02:00
Merge Linux CVEs from kernel-sec
- - - - -
29419a3a by Salvatore Bonaccorso at 2025-09-11T20:55:03+02:00
Reserve DSA number for cups update
- - - - -
7133ee67 by Salvatore Bonaccorso at 2025-09-11T21:30:20+02:00
Reserve DSA numbers for libjson-xs-perl and libcpanel-json-xs-perl updates
- - - - -
926535c3 by Salvatore Bonaccorso at 2025-09-11T21:58:12+02:00
Track fixed version for CVE-2025-40300/linux via unstable
- - - - -
72e1ba55 by security tracker role at 2025-09-11T20:12:34+00:00
automatic update
- - - - -
d29b7091 by security tracker role at 2025-09-11T20:13:32+00:00
automatic NOT-FOR-US entries update
- - - - -
0d8b39f2 by Salvatore Bonaccorso at 2025-09-11T22:29:00+02:00
Process some NFUs
- - - - -
c771fdf6 by Salvatore Bonaccorso at 2025-09-11T22:39:33+02:00
Add CVE-2025-58065/flask-appbuilder
- - - - -
6a98aedd by Salvatore Bonaccorso at 2025-09-11T23:01:06+02:00
Add CVE-2025-48038/erlang
- - - - -
71ef651e by Salvatore Bonaccorso at 2025-09-11T23:03:40+02:00
Add CVE-2025-48039/erlang
- - - - -
554bd9ef by Salvatore Bonaccorso at 2025-09-11T23:07:10+02:00
Add CVE-2025-48040/erlang
- - - - -
1f869df6 by Salvatore Bonaccorso at 2025-09-11T23:09:40+02:00
Add CVE-2025-48041/erlang
- - - - -
0836b461 by Thorsten Alteholz at 2025-09-11T23:42:04+02:00
Reserve DLA-4298-1 for cups
- - - - -
c2d8ec18 by security tracker role at 2025-09-12T08:11:55+00:00
automatic update
- - - - -
b29fcb48 by security tracker role at 2025-09-12T08:12:45+00:00
automatic NOT-FOR-US entries update
- - - - -
8189d910 by Salvatore Bonaccorso at 2025-09-12T10:51:51+02:00
Process NFUs
- - - - -
28113149 by Salvatore Bonaccorso at 2025-09-12T10:52:36+02:00
Add CVE-2025-58754/node-axios
- - - - -
34fd593d by Salvatore Bonaccorso at 2025-09-12T11:11:42+02:00
Add Debian bug reference for CVE-2025-58754/node-axios
- - - - -
c8e9f0e1 by Moritz Muehlenhoff at 2025-09-12T13:44:32+02:00
bookworm/trixie triage
- - - - -
fe420562 by Moritz Muehlenhoff at 2025-09-12T16:23:18+02:00
new ffmpeg issue
- - - - -
0d8e7f91 by Moritz Muehlenhoff at 2025-09-12T17:05:31+02:00
one qemu issue fixed in sid
- - - - -
37e7473b by Moritz Muehlenhoff at 2025-09-12T17:41:14+02:00
NFUs
- - - - -
bee9624a by Salvatore Bonaccorso at 2025-09-12T17:43:25+02:00
Add references for VMScape
- - - - -
6aacea88 by Salvatore Bonaccorso at 2025-09-12T21:09:34+02:00
Update information on CVE-2016-1000107/erlang
- - - - -
46ea8970 by Salvatore Bonaccorso at 2025-09-12T21:25:55+02:00
Merge Linux CVEs from kernel-sec
- - - - -
820553fc by Salvatore Bonaccorso at 2025-09-12T21:48:46+02:00
Add GHSA reference for CVE-2020-25623/erlang
- - - - -
473a4898 by Salvatore Bonaccorso at 2025-09-12T21:49:59+02:00
Add GHSA reference for CVE-2015-2774/erlang
- - - - -
9c7e41b5 by Salvatore Bonaccorso at 2025-09-12T22:00:19+02:00
Update status for CVE-2024-53846/erlang
- - - - -
2ff1bb62 by Salvatore Bonaccorso at 2025-09-12T22:06:28+02:00
Add GHSA reference for CVE-2022-37026/erlang
- - - - -
a9df3d49 by Salvatore Bonaccorso at 2025-09-12T22:07:18+02:00
Add GHSA reference for CVE-2020-35733/erlang
- - - - -
005c4dfe by Salvatore Bonaccorso at 2025-09-12T22:08:43+02:00
Add GHSA reference for CVE-2017-1000385/erlang
- - - - -
02317729 by security tracker role at 2025-09-12T20:12:57+00:00
automatic update
- - - - -
ccd6833a by security tracker role at 2025-09-12T20:14:34+00:00
automatic NOT-FOR-US entries update
- - - - -
0bc43721 by Salvatore Bonaccorso at 2025-09-12T22:32:21+02:00
Process some NFUs
- - - - -
79b8f275 by Salvatore Bonaccorso at 2025-09-12T22:59:22+02:00
Add CVE-2025-27233/zabbix
- - - - -
321ee396 by Salvatore Bonaccorso at 2025-09-12T23:04:37+02:00
Add CVE-2025-27234/zabbix
- - - - -
ce1274d6 by Salvatore Bonaccorso at 2025-09-12T23:16:59+02:00
Update status for CVE-2025-27234/zabbix
- - - - -
200c8be7 by Salvatore Bonaccorso at 2025-09-12T23:18:41+02:00
Add CVE-2025-27238/zabbix
- - - - -
7c4e30a5 by Salvatore Bonaccorso at 2025-09-12T23:21:35+02:00
Add CVE-2025-27240/zabbix
- - - - -
a42d8300 by Moritz Muehlenhoff at 2025-09-12T23:44:19+02:00
mark several AMD GPU issues as NFU: AMD
These are all for issues in the proprietary Radeon drivers and not for the
stack present in Debian which consists mostly of DRM drivers in Linux
(and which are all covered by the Linux CNA)
- - - - -
0d04c7f4 by Adam D. Barratt at 2025-09-12T23:10:53+01:00
Add missing epoch for DSA-5997-1/bookworm
- - - - -
1f6c828d by Salvatore Bonaccorso at 2025-09-13T10:04:47+02:00
Mark some more CVEs as NFU for AMD
While it is not entirely clear if they might be as well covered in
amd64-microcode, they explicitly state they have mitigations in AMD EPYC
Platform Initialization (PI) firmware. So for now mark them as NFU.
- - - - -
9bc1fabf by security tracker role at 2025-09-13T08:13:00+00:00
automatic update
- - - - -
c768b7b4 by security tracker role at 2025-09-13T08:14:12+00:00
automatic NOT-FOR-US entries update
- - - - -
7846ffd8 by Salvatore Bonaccorso at 2025-09-13T10:30:33+02:00
Process new NFUs
- - - - -
570ff148 by Salvatore Bonaccorso at 2025-09-13T10:46:53+02:00
Add Debian bug reference for CVE-2016-1000107/erlang
- - - - -
bf31f533 by Salvatore Bonaccorso at 2025-09-13T12:52:59+02:00
Add Debian bug references for erlang issues
- - - - -
325137a6 by Utkarsh Gupta at 2025-09-13T14:53:00+02:00
Add missing -1 for old DSA entries
This also helps enhance the consistency between the
DSA number reserved v/s the mailing list announcement.
Fixes: #28
- - - - -
28 changed files:
- .gitignore
- bin/add-dsa-needed.sh
- bin/check-new-issues
- bin/check-syntax
- bin/lts-cve-triage.py
- − bin/lts-needs-forward-port.py
- bin/tracker_data.py
- bin/tracker_service.py
- bin/unsupported_packages.py
- data/CVE/list
- data/DLA/list
- data/DSA/list
- data/config.json
- data/dla-needed.txt
- data/dsa-needed.txt
- data/embedded-code-copies
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
- data/packages/fixes-via-micro-releases.txt
- data/packages/nfu.yaml
- data/packages/removed-packages
- doc/DSA.template
- doc/security-team.d.o/index
- doc/security-team.d.o/security_tracker
- lib/debian-releases.mk
- lib/python/web_support.py
- org/lts-frontdesk.2025.txt
- static/distributions.json
Changes:
=====================================
.gitignore
=====================================
@@ -14,8 +14,12 @@ stamps/
*.pyc
*~
\#*#
-D?A-*-?
-D?A-*-?.signed
+
+#
+# rules for advisories and signed advisories
+#
+[[:alpha:]]*-[[:digit:]]*-[[:digit:]]*
+[[:alpha:]]*-[[:digit:]]*-[[:digit:]]*.signed
#
# rules for experimental compare-nvd-cve
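Review bot: The two new patterns are unanchored and much broader than the D?A-*-? rules they replace: [[:alpha:]]*-[[:digit:]]*-[[:digit:]]* ignores any file or directory name, anywhere in the tree, that starts with a letter and later contains a hyphen followed by a digit twice, so an unrelated file such as foo-1-2.txt would be hidden from git status. The trailing * of the first pattern also already covers the .signed suffix, which makes the second rule redundant. If the goal is only to cover advisory names beyond DSA/DLA, consider anchoring the rule with a leading / and tightening the final *.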
=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
set -eu
-include_oldstable=false
+include_oldstable=true
turl="https://security-tracker.debian.org/tracker/status/release"
[ -f data/dsa-needed.txt ] || {
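Review bot: The include_oldstable default is flipped to true as a bare hard-coded value, with no comment saying why or when it has to be flipped back. The right value presumably depends on the current release cycle, so a one-line comment next to the assignment would help, or better, derive it from the release configuration so it does not need a manual edit at each transition.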
=====================================
bin/check-new-issues
=====================================
@@ -491,7 +491,8 @@ for name, cve in cves.items():
todos.append(name)
num_missing_bug += 1
-print_stats()
+if not args.auto:
+ print_stats()
if not args.list and not args.auto:
print("")
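Review bot: print_stats() is now skipped under args.auto, and the very next statement tests args.auto again; the two conditions could share one "if not args.auto:" block so that everything the auto mode suppresses sits in a single place. If the option's help text describes its output, it should mention that the statistics are no longer printed.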
=====================================
bin/check-syntax
=====================================
@@ -12,8 +12,6 @@ def do_parse(f):
try:
for r in f:
n = r.name
- if n[0:4] in ('CAN', 'CVE'):
- n = n[4:]
if n in names:
if names[n] != r.name:
sys.stderr.write("error: duplicate CVE entry: %s and %s\n"
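Review bot: The removed test in do_parse compared the four-character slice n[0:4] against the three-character strings 'CAN' and 'CVE', so for a real entry name it could never match and the prefix was never stripped; the removal is behaviour-preserving and the commit message could say so. With n always equal to r.name, it is worth checking that the surviving "names[n] != r.name" comparison can still be true: if names stores r.name under n (the assignment is outside this hunk), the duplicate error below it is unreachable.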
=====================================
bin/lts-cve-triage.py
=====================================
@@ -1,6 +1,12 @@
#!/usr/bin/env python3
-
-# Copyright 2015 Raphael Hertzog <hertzog at debian.org>
+# Gather CVE information for front-desk triage
+# Copyright (C) 2015, 2017 Raphael Hertzog <hertzog at debian.org>
+# Copyright (C) 2015, 2017 Guido Günther <agx at sigxcpu.org>
+# Copyright (C) 2016, 2017, 2019, 2021 Chris Lamb <lamby at debian.org>
+# Copyright (C) 2016 Mike Gabriel <sunweaver at debian.org>
+# Copyright (C) 2019, 2022, 2024, 2025 Sylvain Beucler <beuc at beuc.net>
+# Copyright (C) 2019, 2020, 2023 Emilio Pozuelo Monfort <pochu at debian.org>
+# Copyright (C) 2025 François Lesueur <flesueur at alwaysdata.com>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -15,22 +21,30 @@
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
+# The data flow is currently complex, see:
+# https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/92
+
import setup_paths
import sys
import argparse
import collections
+import functools
import re
+from apt_pkg import version_compare
from tracker_data import TrackerData
from unsupported_packages import UnsupportedPackages, LimitedSupportPackages
+from debian_support import PointUpdateParser
import config
-RELEASES = {
- 'lts': config.get_supported_releases()[0],
- 'next_lts': config.get_supported_releases()[1],
-}
+supported_releases = config.get_supported_releases()
+all_releases = config.get_all_releases()
+RELEASES = {}
+RELEASES['lts'] = supported_releases[0]
+RELEASES['next_lts'] = supported_releases[1]
+RELEASES['prev_lts'] = all_releases[all_releases.index(RELEASES['lts'])-1]
def colored(x, *args, **kwargs):
return x
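Review bot: RELEASES['prev_lts'] is computed as all_releases[all_releases.index(RELEASES['lts'])-1] with no bounds check: if the LTS release is the first element of all_releases, the index becomes -1 and Python silently returns the last release in the list instead of failing. A guard, or an explicit error when there is no previous release, would keep the from_elts report from comparing against the wrong suite. The expression also assumes get_all_releases() returns releases oldest first, which deserves a comment.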
@@ -48,7 +62,10 @@ except ImportError:
file=sys.stderr)
-TRACKER_URL = 'https://security-tracker.debian.org/tracker/'
+# Display links to ELTS' tracker URL which has more dists,
+# to easily compare prev_lts/lts/next_lts:
+#TRACKER_LINK_URL = 'https://security-tracker.debian.org/tracker/'
+TRACKER_LINK_URL = 'https://deb.freexian.com/extended-lts/tracker/'
LIST_NAMES = (
('triage_end_of_life',
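Review bot: TRACKER_LINK_URL now points every link in the report, for all lists, at deb.freexian.com, and the Debian tracker URL is left behind as a commented-out line. Rather than keeping dead code to toggle by hand, consider a command-line option or config entry for the link base.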
@@ -69,15 +86,17 @@ LIST_NAMES = (
.format(**RELEASES)),
('triage_other',
'Other issues to triage (no special status)'),
- ('triage_possible_missed_fixes',
- ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (to be fixed or <ignored>)')
+ ('from_next_lts',
+ ('Issues postponed for {lts}, but already fixed in {next_lts} via DSA or point releases (low priority)')
.format(**RELEASES)),
('unexpected_nodsa',
('Issues tagged no-dsa in {lts} that are open in {next_lts}')
.format(**RELEASES)),
- ('possible_easy_fixes',
- ('Issues from dla-needed.txt that are already fixed in {next_lts}')
- .format(**RELEASES)),
+ ('to_forward',
+ ('Issues fixed in {lts} but not in {next_lts} (low priority) [caution: new report]'
+ + '\ncf. https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?label_name%5B%5D=%28O%29SPU ').format(**RELEASES)),
+ ('from_elts',
+ ('Issues fixed in {prev_lts} and {next_lts} but not in {lts} [caution: new report]').format(**RELEASES)),
('undetermined',
('Undetermined issues in {lts}').format(**RELEASES)),
)
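Review bot: The list keys triage_possible_missed_fixes and possible_easy_fixes disappear here (the first renamed to from_next_lts, the second dropped), and these keys are what args.filter is matched against further down, so existing invocations that filter on the old names will no longer select these lists. Please mention the rename in the commit message or documentation. The to_forward description also embeds a newline plus a URL-encoded query string in the heading text; printing the reference on its own line under the heading would be easier to maintain.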
@@ -103,17 +122,53 @@ limited = LimitedSupportPackages(codename=RELEASES['lts'],
unsupported_re = re.compile('|'.join(unsupported))
limited_re = re.compile('|'.join(limited))
+secupdate_re = re.compile(r'deb\d+u\d+$')
-def add_to_list(key, pkg, issue):
+if config.get_release_alias(RELEASES['next_lts']) == 'stable':
+ pu_expected = PointUpdateParser.parseNextPointUpdateStable()
+elif config.get_release_alias(RELEASES['next_lts']) == 'oldstable':
+ pu_expected = PointUpdateParser.parseNextOldstablePointUpdate()
+else:
+ print("Error: {} is neither stable nor oldstable".format(RELEASES['next_lts']))
+ raise SystemExit(1)
+
+def add_to_list(key, pkg, cve, annotation=''):
assert key in [l[0] for l in LIST_NAMES]
- lists[key][pkg].append(issue)
+ lists[key][pkg].append((cve, annotation))
+
+def is_next_lts_fix_explicit(issue):
+ """Was the fix in stable/oldstable explicit or inherited from unstable?"""
+ next_lts_fixed_version = issue.data['releases'][RELEASES['next_lts']]['fixed_version']
+ if 'sid' in issue.data['releases']:
+ if 'fixed_version' not in issue.data['releases']['sid']:
+ # if sid is unfixed, the fix is probably explicit
+ return True
+
+ unstable_version = issue.data['releases']['sid']['fixed_version']
+ is_explicit_fix = version_compare(next_lts_fixed_version, unstable_version) < 0
+ else:
+ # package removed from sid, use heuristic
+ is_explicit_fix = re.search(secupdate_re, next_lts_fixed_version)
+ return bool(is_explicit_fix)
for pkg in tracker.iterate_packages():
+ if pkg in tracker.dla_needed:
+ # Issues already triaged
+ continue
for issue in tracker.iterate_pkg_issues(pkg):
status_in_lts = issue.get_status(RELEASES['lts'])
status_in_next_lts = issue.get_status(RELEASES['next_lts'])
+ if ((status_in_lts.status == 'resolved' and status_in_lts.reason != 'fixed in 0' and status_in_lts.urgency != 'unimportant')
+ and (status_in_next_lts.status not in ('resolved', 'not-affected')
+ and (status_in_next_lts.status != 'ignored' or issue.data['releases'].get(RELEASES['next_lts'], {}).get('nodsa_reason', 'ignored') != 'ignored'))
+ and issue.name not in pu_expected):
+ note = ''
+ if status_in_next_lts.status == 'open':
+ note += ' [wf secteam triage]'
+ add_to_list('to_forward', pkg, issue, note)
+
if status_in_lts.status in ('not-affected', 'resolved'):
continue
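Review bot: The new "if pkg in tracker.dla_needed: continue" at the top of the package loop skips every issue of a package listed in dla-needed.txt, not only the triage lists: unexpected_nodsa, undetermined and the new to_forward report are now suppressed for those packages as well, whereas the old code applied the dla_needed test only in the triage branch and the no-dsa/resolved branch. If that is intended, say so in the comment; otherwise move the test back down to the branches that need it. Separately, the error in the else branch of the pu_expected selection is printed to stdout rather than sys.stderr, and the multi-line to_forward condition would read better as a small named predicate.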
@@ -122,56 +177,68 @@ for pkg in tracker.iterate_packages():
add_to_list('triage_end_of_life', pkg, issue)
continue
- if pkg not in tracker.dla_needed: # Issues not triaged yet
-
- # package issues in LTS that still need being triaged
-
- if re.fullmatch(limited_re, pkg):
- add_to_list('triage_limited_support', pkg, issue)
- continue
-
- if status_in_next_lts.status == 'open':
- if (pkg in tracker.dsa_needed or
- pkg+'/stable' in tracker.dsa_needed or
- pkg+'/oldstable' in tracker.dsa_needed):
- add_to_list('triage_already_in_dsa_needed', pkg, issue)
- else:
- add_to_list('triage_other_not_triaged_in_next_lts',
- pkg, issue)
- elif (status_in_next_lts.status == 'ignored' and
- status_in_next_lts.reason == 'no-dsa'):
- add_to_list('triage_likely_nodsa', pkg, issue)
- elif status_in_next_lts.status == 'resolved':
- add_to_list('triage_possible_easy_fixes', pkg, issue)
- else:
- add_to_list('triage_other', pkg, issue)
+ if re.fullmatch(limited_re, pkg):
+ add_to_list('triage_limited_support', pkg, issue)
+ continue
+ if status_in_next_lts.status == 'open':
+ if (pkg in tracker.dsa_needed or
+ pkg+'/stable' in tracker.dsa_needed or
+ pkg+'/oldstable' in tracker.dsa_needed):
+ add_to_list('triage_already_in_dsa_needed', pkg, issue)
+ else:
+ add_to_list('triage_other_not_triaged_in_next_lts',
+ pkg, issue)
+ elif (status_in_next_lts.status == 'ignored' and
+ status_in_next_lts.reason == 'no-dsa'):
+ add_to_list('triage_likely_nodsa', pkg, issue)
+ elif status_in_next_lts.status == 'resolved':
+ add_to_list('triage_possible_easy_fixes', pkg, issue)
else:
-
- # package issues already triaged for LTS...
-
- if status_in_next_lts.status == 'resolved':
- add_to_list('possible_easy_fixes', pkg, issue)
+ add_to_list('triage_other', pkg, issue)
# status=='ignored': <no-dsa>/<postponed>/<ignored>/<unimportant>/<undetermined>
elif status_in_lts.status == 'ignored':
if (status_in_lts.reason == 'no-dsa' and
status_in_next_lts.status == 'open'):
- add_to_list('unexpected_nodsa', pkg, issue)
+ add_to_list('unexpected_nodsa', pkg, issue,
+ issue.data['releases'][RELEASES['lts']]['nodsa_reason'])
elif (status_in_lts.reason == 'no-dsa' and
- status_in_next_lts.status == 'resolved' and
- pkg not in tracker.dla_needed):
- # include fixes from DSA or stable/oldstable point releases
- # exclude issues explicitly ignored, and old fixes back in unstable
+ status_in_next_lts.status == 'resolved'):
+ # include explicit fixes from DSA or stable/oldstable point releases
+ # exclude issues explicitly ignored, and old fixes back from unstable
nodsa_reason = issue.data['releases'][RELEASES['lts']]['nodsa_reason']
- fixed_version = issue.data['releases'][RELEASES['next_lts']]['fixed_version']
- if (nodsa_reason != 'ignored' and
- ('~deb' in fixed_version or '+deb' in fixed_version)):
- add_to_list('triage_possible_missed_fixes', pkg, issue)
+ if is_next_lts_fix_explicit(issue) and nodsa_reason != 'ignored':
+ add_to_list('from_next_lts', pkg, issue)
elif status_in_lts.reason == 'undetermined':
add_to_list('undetermined', pkg, issue)
+tracker_elts = TrackerData(update_cache=not args.skip_cache_update,
+ data_url="https://deb.freexian.com/extended-lts/tracker/data/json",
+ git_url="https://salsa.debian.org/freexian-team/extended-lts/security-tracker.git",
+ id="elts_tracker")
+
+for pkg in tracker_elts.iterate_packages():
+ if pkg in tracker.dla_needed:
+ # Issues already triaged
+ continue
+ for issue in tracker_elts.iterate_pkg_issues(pkg):
+ status_in_lts = issue.get_status(RELEASES['lts'])
+ status_in_next_lts = issue.get_status(RELEASES['next_lts'])
+ status_in_elts = issue.get_status(RELEASES['prev_lts'])
+
+ if ( status_in_elts.status == 'resolved'
+ and status_in_elts.reason != 'fixed in 0'
+ and status_in_next_lts.status == 'resolved'
+ and status_in_lts.status not in ('resolved', 'not-affected')
+ and status_in_lts.urgency != 'unimportant'):
+ annotation = issue.data['releases'][RELEASES['lts']]['nodsa_reason']
+ if not is_next_lts_fix_explicit(issue):
+ annotation += ' [{next_lts} fixed via unstable]'.format(**RELEASES)
+ add_to_list('from_elts', pkg, issue, annotation)
+
+
for key, desc in LIST_NAMES:
if args.filter is not None and key not in args.filter:
continue
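Review bot: In the from_elts loop, annotation is read with issue.data['releases'][RELEASES['lts']]['nodsa_reason'], but the surrounding condition only excludes 'resolved' and 'not-affected', so an issue that is still open in the LTS release reaches this line and, if it carries no nodsa_reason, raises KeyError. The to_forward condition earlier in the file already uses .get(..., {}).get('nodsa_reason', ...) for the same field; doing the same here with an empty-string default avoids the crash. The ELTS data_url and git_url are also hard-coded at the call site; module-level constants next to TRACKER_LINK_URL would keep the three Freexian URLs together.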
@@ -186,22 +253,20 @@ for key, desc in LIST_NAMES:
formatstring = '\n* {:<35s} {}'
print(formatstring.format(
colored(pkg, 'red', attrs=('bold', 'underline')),
- colored('{}source-package/{}'.format(TRACKER_URL, pkg), 'blue'),
+ colored('{}source-package/{}'.format(TRACKER_LINK_URL, pkg), 'blue'),
))
nb_issues = 0
- for x in sorted(lists[key][pkg], key=lambda x: x.name):
+ versionrsort = functools.cmp_to_key(lambda a, b: version_compare(b[0].name, a[0].name))
+ for (cve, annotation) in sorted(lists[key][pkg], key=versionrsort):
# limit very large lists such as linux'
nb_issues += 1
if nb_issues > 10:
print(' - ...')
break
- url = '{}{}'.format(TRACKER_URL, x.name)
+ url = '{}{}'.format(TRACKER_LINK_URL, cve.name)
print(' - {:<16s} {} {}'.format(
- x.name,
+ cve.name,
colored(url, 'blue'),
- (key == 'unexpected_nodsa' and
- x.data['releases'][RELEASES['lts']]['nodsa_reason']
- or '')),
+ annotation)
)
-
print('')
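Review bot: versionrsort feeds issue names to apt_pkg's version_compare, which is a Debian package version comparison and not an identifier sort. It presumably yields a numeric-aware, newest-first order, but that is not obvious from the code, and how names that are not plain CVE identifiers sort is left unstated; a short comment giving the intended order would help. The loop variable cve also holds an issue object rather than a name, so "issue" would be the clearer name given that cve.name is what gets printed.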
=====================================
bin/lts-needs-forward-port.py deleted
=====================================
@@ -1,105 +0,0 @@
-#!/usr/bin/python3
-#
-# Copyright 2016 Guido Günther <agx at sigxcpu.org>
-#
-# This file is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-#
-# This file is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this file. If not, see <https://www.gnu.org/licenses/>.
-
-import argparse
-import collections
-import sys
-
-from tracker_data import TrackerData
-
-import setup_paths
-import config
-
-lts = config.get_supported_releases()[0]
-next_lts = config.get_supported_releases()[1]
-oldstable = config.get_release_codename('oldstable')
-
-LIST_NAMES = (
- ('needs_fix_in_next_lts',
- ('Issues that are unfixed in {} but fixed in {}'
- ).format(next_lts, lts)),
- ('needs_review_in_next_lts',
- ('Issues that are no-dsa in {} but fixed in {}'
- ).format(next_lts, lts)),
- ('fixed_via_pu_in_oldstable',
- ('Issues that will be fixed via p-u in {}'
- ).format(oldstable)),
-)
-
-
-def main():
- def add_to_list(key, pkg, issue):
- assert key in [l[0] for l in LIST_NAMES]
- lists[key][pkg].append(issue)
-
- parser = argparse.ArgumentParser(
- description='Find discrepancies between suites')
- parser.add_argument('--skip-cache-update', action='store_true',
- help='Skip updating the tracker data cache')
- parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
- help='Filter out specified lists')
-
- args = parser.parse_args()
-
- lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
- tracker = TrackerData(update_cache=not args.skip_cache_update)
-
- for pkg in tracker.iterate_packages():
- for issue in tracker.iterate_pkg_issues(pkg):
- status_in_lts = issue.get_status(lts)
- status_in_next_lts = issue.get_status(next_lts)
-
- if status_in_lts.status in ('not-affected', 'open'):
- continue
-
- if status_in_lts.status == 'resolved':
- # Package will be updated via the next oldstable
- # point release
- # FIXME: when lts == oldstable, this should look at the stable pu list
- if (issue.name in tracker.oldstable_point_update and
- pkg in tracker.oldstable_point_update[issue.name]):
- add_to_list('fixed_via_pu_in_oldstable', pkg, issue)
- continue
-
- # The security tracker marks "not-affected" as
- # "resolved in version 0" (#812410)
- if status_in_lts.reason == 'fixed in 0':
- continue
-
- if status_in_next_lts.status == 'open':
- add_to_list('needs_fix_in_next_lts', pkg, issue)
- continue
-
- if status_in_next_lts.status == 'ignored':
- add_to_list('needs_review_in_next_lts', pkg, issue)
- continue
-
- for key, desc in LIST_NAMES:
- if args.exclude is not None and key in args.exclude:
- continue
- if not len(lists[key]):
- continue
- print('{}:'.format(desc))
- for pkg in sorted(lists[key].keys()):
- cve_list = ' '.join(
- [i.name for i in sorted(lists[key][pkg],
- key=lambda i: i.name)])
- print('* {:20s} -> {}'.format(pkg, cve_list))
- print('')
-
-if __name__ == '__main__':
- sys.exit(main())
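Review bot: Deleting this script drops the fixed_via_pu_in_oldstable list: the replacement to_forward report in lts-cve-triage.py only filters out names found in pu_expected, so issues queued for a point update are no longer shown anywhere. If that view is still wanted, keep it as a list in the new report. Any documentation or job that calls bin/lts-needs-forward-port.py or relies on its --exclude option needs updating in the same change.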
=====================================
bin/tracker_data.py
=====================================
@@ -1,4 +1,13 @@
-# Copyright 2015 Raphael Hertzog <hertzog at debian.org>
+# Fetch CVE status from online trackers JSON export (for lts-cve-triage.py)
+# Copyright (C) 2015 Raphael Hertzog <hertzog at debian.org>
+# Copyright (C) 2016, 2017 Chris Lamb <lamby at debian.org>
+# Copyright (C) 2016 Guido Günther <agx at sigxcpu.org>
+# Copyright (C) 2017, 2020 Salvatore Bonaccorso <carnil at debian.org>
+# Copyright (C) 2019, 2025 Sylvain Beucler <beuc at beuc.net>
+# Copyright (C) 2019, 2021 Emilio Pozuelo Monfort <pochu at debian.org>
+# Copyright (C) 2020 Roberto C. Sánchez <roberto at debian.org>
+# Copyright (C) 2021 Carles Pina i Estany <carles at pina.cat>
+# Copyright (C) 2025 François Lesueur <flesueur at alwaysdata.com>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -13,49 +22,50 @@
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
+# Note: to manually inspect the JSON output:
+# jq -C . ~/.cache/debian_security_tracker.json | less -R
+# jq -C . ~/.cache/elts_tracker.json | less -R
+
+import functools
import json
import os.path
import re
import subprocess
import requests
-import six
import setup_paths # noqa
from debian_support import PointUpdateParser
class TrackerData(object):
- DATA_URL = "https://security-tracker.debian.org/tracker/data/json"
- GIT_URL = "https://salsa.debian.org/security-tracker-team/security-tracker.git"
CACHED_DATA_DIR = "~/.cache"
- CACHED_DATA_PATH = "~/.cache/debian_security_tracker.json"
- CACHED_REVISION_PATH = "~/.cache/debian_security_tracker.rev"
- GET_REVISION_COMMAND = \
- "LC_ALL=C git ls-remote %s HEAD | cut -f1" % GIT_URL
+ CACHED_DATA_PATH_FMT = "~/.cache/{}.json"
+ CACHED_REVISION_PATH_FMT = "~/.cache/{}.rev"
DATA_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'data')
- def __init__(self, update_cache=True):
- self._latest_revision = None
+ def __init__(self, update_cache=True,
+ data_url="https://security-tracker.debian.org/tracker/data/json",
+ git_url="https://salsa.debian.org/security-tracker-team/security-tracker.git",
+ id="debian_security_tracker"):
+ self.data_url = data_url
+ self.git_url = git_url
+ self.id = id
self.cached_data_dir = os.path.expanduser(self.CACHED_DATA_DIR)
- self.cached_data_path = os.path.expanduser(self.CACHED_DATA_PATH)
+ self.cached_data_path = os.path.expanduser(self.CACHED_DATA_PATH_FMT.format(id))
self.cached_revision_path = os.path.expanduser(
- self.CACHED_REVISION_PATH)
+ self.CACHED_REVISION_PATH_FMT.format(id))
if update_cache:
self.update_cache()
self.load()
- @property
+ @functools.cached_property
def latest_revision(self):
"""Return the current revision of the Git repository"""
- # Return cached value if available
- if self._latest_revision is not None:
- return self._latest_revision
- # Otherwise call out to git to get the latest revision
- output = subprocess.check_output(self.GET_REVISION_COMMAND,
- shell=True)
- self._latest_revision = output.strip()
- return self._latest_revision
+ output = subprocess.check_output(["git", "ls-remote", self.git_url, "HEAD"],
+ env={"LC_ALL": "C"},
+ shell=False)
+ return output.split()[0]
def _cache_must_be_updated(self):
"""Verify if the cache is out of date"""
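Review bot: in `latest_revision`, `env={"LC_ALL": "C"}` replaces the child's whole environment instead of extending it, so `git ls-remote` runs without `HOME`, `PATH`, proxy variables or any `GIT_*` settings the caller relies on; pass `env={**os.environ, "LC_ALL": "C"}` instead. Two smaller points in the same hunk: `output.split()[0]` raises IndexError when the remote prints nothing, and now that `git_url` and `id` are constructor arguments, a `git_url` starting with `-` and an `id` containing a path separator should be rejected before they reach the argv and the `~/.cache/{}.json` template.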
@@ -75,9 +85,9 @@ class TrackerData(object):
if not self._cache_must_be_updated():
return
- print("Updating {} from {} ...".format(self.CACHED_DATA_PATH,
- self.DATA_URL))
- response = requests.get(self.DATA_URL, allow_redirects=True)
+ print("Updating {} from {} ...".format(self.CACHED_DATA_PATH_FMT.format(self.id),
+ self.data_url))
+ response = requests.get(self.data_url, allow_redirects=True)
response.raise_for_status()
# if ~/.cache does not exist, then open() will fail
if not os.path.exists(self.cached_data_dir):
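Review bot: `requests.get(self.data_url, allow_redirects=True)` is called without `timeout=`, so a stalled server blocks the caller indefinitely; with `data_url` now supplied by the caller, an explicit timeout is worth adding here. The progress message also rebuilds the path from `CACHED_DATA_PATH_FMT.format(self.id)` when `self.cached_data_path` is already computed in `__init__` and could be printed directly.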
@@ -95,8 +105,8 @@ class TrackerData(object):
@classmethod
def parse_needed_file(self, inputfile):
- PKG_RE = '^(\S+)(?:\s+\((.*)\))?$'
- SEP_RE = '^--$'
+ PKG_RE = r'^(\S+)(?:\s+\((.*)\))?$'
+ SEP_RE = r'^--$'
state = 'LOOK_FOR_SEP'
result = {}
package = ''
@@ -138,18 +148,19 @@ class TrackerData(object):
yield pkg
def iterate_pkg_issues(self, pkg):
- for id, data in six.iteritems(self.data[pkg]):
+ for id, data in iter(self.data[pkg].items()):
data['package'] = pkg
yield Issue(id, data)
class IssueStatus(object):
- def __init__(self, status, reason=None):
+ def __init__(self, status, reason=None, urgency=None):
self.status = status
self.reason = reason
+ self.urgency = urgency
def __str__(self):
- return str((self.status, self.reason))
+ return str((self.status, self.reason, self.urgency))
class Issue(object):
'''Status of a security issue'''
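Review bot: in `iterate_pkg_issues`, the `iter(...)` wrapped around `self.data[pkg].items()` is redundant, since a `for` loop iterates the view directly, and the loop variable `id` shadows the builtin. `IssueStatus.__str__` now returns a three-element tuple string, so it is worth checking that no caller parses or compares the old two-element form.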
@@ -160,6 +171,8 @@ class Issue(object):
def get_status(self, release):
data = self.data['releases'].get(release)
+ urgency = data['urgency'] if data else 'unimportant'
+
if data is None:
status = 'not-affected'
# XXX: ask for data to differentiate between "package not in
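Review bot: `urgency = data['urgency'] if data else 'unimportant'` reports a release with no entry as urgency `unimportant`, which cannot be told apart from an issue that was actually triaged as unimportant; since that branch already yields `not-affected`, returning `None` there would be clearer. The truthiness test also differs from the `if data is None` check two lines later (an empty dict takes different paths), and `data['urgency']` raises KeyError if a release entry lacks the key, so `data.get('urgency')` is the safer form.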
@@ -187,4 +200,4 @@ class Issue(object):
else:
status = 'open'
reason = 'nobody fixed it yet'
- return IssueStatus(status, reason)
+ return IssueStatus(status, reason, urgency)
=====================================
bin/tracker_service.py
=====================================
@@ -587,6 +587,10 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
status=404)
pkg = path[0]
+
+ if not self.db.isSourcePackage(self.db.cursor(), pkg):
+ return self.page_not_found(url, pkg)
+
data = security_db.getBugsForSourcePackage(self.db.cursor(), pkg)
def gen_versions():
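Review bot: the new early return sends every name that fails `isSourcePackage` to `page_not_found` before `getBugsForSourcePackage` is consulted, so please confirm that packages which still have tracked issues but are no longer present as source packages pass this check; otherwise their pages disappear. The two calls each open their own `self.db.cursor()`, and one cursor could serve both.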
@@ -1334,7 +1338,7 @@ Debian bug number.'''),
return url.absolute("https://bugzilla.redhat.com/show_bug.cgi",
id=name)
def url_ubuntu_bug(self, url, name):
- return url.absolute("https://people.canonical.com/~ubuntu-security/cve/%s" % name)
+ return url.absolute("https://ubuntu.com/security/%s" % name)
def url_gentoo_bug(self, url, name):
return url.absolute("https://bugs.gentoo.org/show_bug.cgi", id=name)
def url_suse_bug(self, url, name):
=====================================
bin/unsupported_packages.py
=====================================
@@ -1,4 +1,9 @@
-# Copyright 2016 Chris Lamb <lamby at debian.org>
+# Fetch package support from debian-security-support (for lts-cve-triage.py)
+# Copyright (C) 2016, 2018 Chris Lamb <lamby at debian.org>
+# Copyright (C) 2016 Guido Günther <agx at sigxcpu.org>
+# Copyright (C) 2022, 2023 Emilio Pozuelo Monfort <pochu at debian.org>
+# Copyright (C) 2024 Sylvain Beucler <beuc at beuc.net>
+# Copyright (C) 2025 Jochen Sprickerhof <git at jochen.sprickerhof.de>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -22,6 +27,9 @@ import requests
re_line_limited = re.compile(r'(?!#)(?P<pkg>[^\s]+)\s*limited')
re_line_unsupported = re.compile(r'(?!#)(?P<pkg>[^\s]+)\s*non-supported')
+# TODO: support new "supported" line that overrides the above;
+# adapt code in lts-cve-triage as well;
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108170#20
class DebSecSupport(set):
=====================================
data/CVE/list
=====================================
The diff for this file was not included because it is too large.
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,190 @@
+[11 Sep 2025] DLA-4298-1 cups - security update
+ {CVE-2025-58060 CVE-2025-58364}
+ [bullseye] - cups 2.3.3op2-3+deb11u10
+[10 Sep 2025] DLA-4297-1 imagemagick - security update
+ {CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
+ [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u6
+[08 Sep 2025] DLA-4296-1 qemu - security update
+ {CVE-2024-7409}
+ [bullseye] - qemu 1:5.2+dfsg-11+deb11u5
+[08 Sep 2025] DLA-4168-2 openafs - regression update
+ [bullseye] - openafs 1.8.6-5+deb11u2
+[08 Sep 2025] DLA-4295-1 libhtp - security update
+ {CVE-2024-23837 CVE-2024-45797}
+ [bullseye] - libhtp 1:0.5.36-1+deb11u1
+[07 Sep 2025] DLA-4294-1 modsecurity-apache - security update
+ {CVE-2025-54571}
+ [bullseye] - modsecurity-apache 2.9.3-3+deb11u5
+[06 Sep 2025] DLA-4293-1 wireless-regdb - security update
+ [bullseye] - wireless-regdb 2025.07.10-1~deb11u1
+[04 Sep 2025] DLA-4292-1 clamav - security update
+ {CVE-2025-20128 CVE-2025-20260}
+ [bullseye] - clamav 1.0.9+dfsg-1~deb11u1
+[03 Sep 2025] DLA-4291-1 node-cipher-base - security update
+ {CVE-2025-9287}
+ [bullseye] - node-cipher-base 1.0.4-4+deb11u1
+[02 Sep 2025] DLA-4290-1 python-h2 - security update
+ {CVE-2025-57804}
+ [bullseye] - python-h2 4.0.0-3+deb11u1
+[02 Sep 2025] DLA-4289-1 python-eventlet - security update
+ {CVE-2025-58068}
+ [bullseye] - python-eventlet 0.26.1-7+deb11u2
+[01 Sep 2025] DLA-4288-1 ruby-saml - security update
+ {CVE-2025-54572}
+ [bullseye] - ruby-saml 1.11.0-1+deb11u3
+[31 Aug 2025] DLA-4079-2 openvpn - regression update
+ [bullseye] - openvpn 2.5.1-3+deb11u2
+[31 Aug 2025] DLA-4287-1 libsndfile - security update
+ {CVE-2022-33065 CVE-2024-50612}
+ [bullseye] - libsndfile 1.0.31-2+deb11u1
+[31 Aug 2025] DLA-4286-1 libcommons-lang3-java - security update
+ {CVE-2025-48924}
+ [bullseye] - libcommons-lang3-java 3.11-1+deb11u1
+[30 Aug 2025] DLA-4274-2 mbedtls - security update
+ {CVE-2025-47917}
+ [bullseye] - mbedtls 2.16.9-0.1+deb11u3
+[28 Aug 2025] DLA-4285-1 golang-github-gin-contrib-cors - security update
+ {CVE-2019-25211}
+ [bullseye] - golang-github-gin-contrib-cors 1.3.1-1+deb11u1
+[28 Aug 2025] DLA-4284-1 udisks2 - security update
+ {CVE-2025-8067}
+ [bullseye] - udisks2 2.9.2-2+deb11u3
+[25 Aug 2025] DLA-4283-1 luajit - security update
+ {CVE-2019-19391 CVE-2020-15890 CVE-2020-24372 CVE-2024-25176 CVE-2024-25177 CVE-2024-25178}
+ [bullseye] - luajit 2.1.0~beta3+dfsg-5.3+deb11u1
+[25 Aug 2025] DLA-4282-1 firebird3.0 - security update
+ {CVE-2025-54989}
+ [bullseye] - firebird3.0 3.0.7.33374.ds4-2+deb11u1
+[24 Aug 2025] DLA-4281-1 iperf3 - security update
+ {CVE-2025-54349 CVE-2025-54350}
+ [bullseye] - iperf3 3.9-1+deb11u3
+[24 Aug 2025] DLA-4280-1 unbound - security update
+ {CVE-2024-33655 CVE-2025-5994}
+ [bullseye] - unbound 1.13.1-1+deb11u5
+[24 Aug 2025] DLA-4279-1 thunderbird - security update
+ {CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
+ [bullseye] - thunderbird 1:128.14.0esr-1~deb11u1
+[22 Aug 2025] DLA-4278-1 mupdf - security update
+ {CVE-2020-21896}
+ [bullseye] - mupdf 1.17.0+ds1-2+deb11u1
+[21 Aug 2025] DLA-4277-1 firefox-esr - security update
+ {CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
+ [bullseye] - firefox-esr 128.14.0esr-1~deb11u1
+[20 Aug 2025] DLA-4276-1 webkit2gtk - security update
+ {CVE-2025-6558 CVE-2025-31273 CVE-2025-31278 CVE-2025-43211 CVE-2025-43212 CVE-2025-43216 CVE-2025-43227 CVE-2025-43228 CVE-2025-43240 CVE-2025-43265}
+ [bullseye] - webkit2gtk 2.48.5-1~deb11u1
+[19 Aug 2025] DLA-4275-1 openjdk-17 - security update
+ {CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106}
+ [bullseye] - openjdk-17 17.0.16+8-1~deb11u1
+[18 Aug 2025] DLA-4274-1 mbedtls - security update
+ {CVE-2025-47917 CVE-2025-48965 CVE-2025-52496 CVE-2025-52497}
+ [bullseye] - mbedtls 2.16.9-0.1+deb11u2
+[14 Aug 2025] DLA-4273-1 postgresql-13 - security update
+ {CVE-2025-8713 CVE-2025-8714 CVE-2025-8715}
+ [bullseye] - postgresql-13 13.22-0+deb11u1
+[14 Aug 2025] DLA-4272-1 aide - security update
+ {CVE-2025-54389 CVE-2025-54409}
+ [bullseye] - aide 0.17.3-4+deb11u3
+[13 Aug 2025] DLA-4271-1 linux-6.1 - security update
+ {CVE-2024-26618 CVE-2024-26783 CVE-2024-26807 CVE-2024-28956 CVE-2024-35790 CVE-2024-36903 CVE-2024-36927 CVE-2024-43840 CVE-2024-46751 CVE-2024-53203 CVE-2024-53209 CVE-2024-57945 CVE-2025-21645 CVE-2025-21839 CVE-2025-21931 CVE-2025-22062 CVE-2025-37819 CVE-2025-37890 CVE-2025-37897 CVE-2025-37901 CVE-2025-37903 CVE-2025-37905 CVE-2025-37909 CVE-2025-37911 CVE-2025-37912 CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37917 CVE-2025-37921 CVE-2025-37923 CVE-2025-37924 CVE-2025-37927 CVE-2025-37928 CVE-2025-37929 CVE-2025-37930 CVE-2025-37932 CVE-2025-37936 CVE-2025-37947 CVE-2025-37948 CVE-2025-37949 CVE-2025-37951 CVE-2025-37953 CVE-2025-37959 CVE-2025-37961 CVE-2025-37962 CVE-2025-37963 CVE-2025-37964 CVE-2025-37967 CVE-2025-37969 CVE-2025-37970 CVE-2025-37972 CVE-2025-37990 CVE-2025-37991 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-37998 CVE-2025-38005 CVE-2025-38007 CVE-2025-38009 CVE-2025-38015 CVE-2025-38018 CVE-2025-38020 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38094 CVE-2025-38095 CVE-2025-38177}
+ [bullseye] - linux-6.1 6.1.140-1~deb11u1
+[12 Aug 2025] DLA-4270-1 apache2 - security update
+ {CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020}
+ [bullseye] - apache2 2.4.65-1~deb11u1
+[11 Aug 2025] DLA-4269-1 ca-certificates-java - bugfix update
+ [bullseye] - ca-certificates-java 20230710~deb12u1~deb11u1
+[11 Aug 2025] DLA-4268-1 node-tmp - security update
+ {CVE-2025-54798}
+ [bullseye] - node-tmp 0.2.1+dfsg-1+deb11u1
+[09 Aug 2025] DLA-4267-1 gnutls28 - security update
+ {CVE-2025-6395 CVE-2025-32988 CVE-2025-32990}
+ [bullseye] - gnutls28 3.7.1-5+deb11u8
+[09 Aug 2025] DLA-4266-1 distro-info-data - database update
+ [bullseye] - distro-info-data 0.51+deb11u9
+[08 Aug 2025] DLA-4265-1 modsecurity-crs - security update
+ {CVE-2020-22669 CVE-2022-39955 CVE-2022-39956 CVE-2022-39957 CVE-2022-39958}
+ [bullseye] - modsecurity-crs 3.3.4-1~deb11u1
+[04 Aug 2025] DLA-4264-1 exempi - security update
+ {CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532}
+ [bullseye] - exempi 2.5.2-1+deb11u1
+[04 Aug 2025] DLA-4263-1 ruby-graphql - security update
+ {CVE-2025-27407}
+ [bullseye] - ruby-graphql 1.11.12-0+deb11u1
+[01 Aug 2025] DLA-4262-1 libcommons-lang-java - security update
+ {CVE-2025-48924}
+ [bullseye] - libcommons-lang-java 2.6-9+deb11u1
+[31 Jul 2025] DLA-4261-1 node-form-data - security update
+ {CVE-2025-7783}
+ [bullseye] - node-form-data 3.0.0-2+deb11u1
+[31 Jul 2025] DLA-4260-1 sope - security update
+ {CVE-2025-53603}
+ [bullseye] - sope 5.0.1-2+deb11u1
+[30 Jul 2025] DLA-4259-1 systemd - security update
+ {CVE-2025-4598}
+ [bullseye] - systemd 247.3-7+deb11u7
+[28 Jul 2025] DLA-4258-1 libfastjson - security update
+ {CVE-2020-12762}
+ [bullseye] - libfastjson 0.99.9-1+deb11u1
+[28 Jul 2025] DLA-4257-1 libcaca - security update
+ {CVE-2021-30498 CVE-2021-30499}
+ [bullseye] - libcaca 0.99.beta19-2.2+deb11u1
+[28 Jul 2025] DLA-4256-1 libetpan - security update
+ {CVE-2022-4121}
+ [bullseye] - libetpan 1.9.4-3+deb11u1
+[28 Jul 2025] DLA-4255-1 audiofile - security update
+ {CVE-2019-13147 CVE-2022-24599}
+ [bullseye] - audiofile 0.3.6-5+deb11u1
+[27 Jul 2025] DLA-4254-1 php7.4 - security update
+ {CVE-2025-1220 CVE-2025-1735 CVE-2025-6491}
+ [bullseye] - php7.4 7.4.33-1+deb11u9
+[27 Jul 2025] DLA-4253-1 thunderbird - security update
+ {CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031 CVE-2025-8032 CVE-2025-8033 CVE-2025-8034 CVE-2025-8035}
+ [bullseye] - thunderbird 1:128.13.0esr-1~deb11u1
+[27 Jul 2025] DLA-4252-1 snapcast - security update
+ {CVE-2023-36177}
+ [bullseye] - snapcast 0.23.0+dfsg1-1+deb11u1
+[26 Jul 2025] DLA-4251-1 libxml2 - security update
+ {CVE-2024-34459 CVE-2025-6021 CVE-2025-6170 CVE-2025-49794 CVE-2025-49796}
+ [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u8
+[24 Jul 2025] DLA-4250-1 firefox-esr - security update
+ {CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031 CVE-2025-8032 CVE-2025-8033 CVE-2025-8034 CVE-2025-8035}
+ [bullseye] - firefox-esr 128.13.0esr-1~deb11u1
+[23 Jul 2025] DLA-4249-1 mediawiki - security update
+ {CVE-2025-3469 CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594 CVE-2025-6595 CVE-2025-6597 CVE-2025-6926 CVE-2025-32072 CVE-2025-32696 CVE-2025-32698 CVE-2025-32699}
+ [bullseye] - mediawiki 1:1.35.13-1+deb11u4
+[23 Jul 2025] DLA-4248-1 openjdk-11 - security update
+ {CVE-2025-30749 CVE-2025-30754 CVE-2025-30761 CVE-2025-50059 CVE-2025-50106}
+ [bullseye] - openjdk-11 11.0.28+6-1~deb11u1
+[21 Jul 2025] DLA-4247-1 djvulibre - security update
+ {CVE-2021-46310 CVE-2021-46312 CVE-2025-53367}
+ [bullseye] - djvulibre 3.5.28-2.2~deb11u1
+[21 Jul 2025] DLA-4246-1 libowasp-esapi-java - security update
+ {CVE-2022-23457 CVE-2022-24891 CVE-2025-5878}
+ [bullseye] - libowasp-esapi-java 2.4.0.0-0+deb11u1
+[21 Jul 2025] DLA-4245-1 libcommons-fileupload-java - security update
+ {CVE-2023-24998 CVE-2025-48976}
+ [bullseye] - libcommons-fileupload-java 1.4-1+deb11u1
+[21 Jul 2025] DLA-4244-1 tomcat9 - security update
+ {CVE-2024-34750 CVE-2024-54677 CVE-2025-31650 CVE-2025-31651 CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506}
+ [bullseye] - tomcat9 9.0.107-0+deb11u1
+[20 Jul 2025] DLA-4243-1 batik - security update
+ {CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146}
+ [bullseye] - batik 1.12-4+deb11u3
+[20 Jul 2025] DLA-4242-1 angular.js - security update
+ {CVE-2022-25844 CVE-2023-26116 CVE-2023-26117 CVE-2023-26118 CVE-2024-8372 CVE-2024-8373 CVE-2024-21490 CVE-2025-0716 CVE-2025-2336}
+ [bullseye] - angular.js 1.8.3-1+deb12u1~deb11u1
+[14 Jul 2025] DLA-4241-1 ffmpeg - security update
+ {CVE-2023-6601 CVE-2023-6602 CVE-2023-6604 CVE-2023-6605}
+ [bullseye] - ffmpeg 7:4.3.9-0+deb11u1
+[12 Jul 2025] DLA-4240-1 redis - security update
+ {CVE-2025-32023 CVE-2025-48367}
+ [bullseye] - redis 5:6.0.16-1+deb11u7
+[11 Jul 2025] DLA-4239-1 thunderbird - security update
+ {CVE-2025-5986 CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430}
+ [bullseye] - thunderbird 1:128.12.0esr-1~deb11u1
+[09 Jul 2025] DLA-4238-1 sslh - security update
+ {CVE-2025-52936}
+ [bullseye] - sslh 1.20-1+deb11u1
[06 Jul 2025] DLA-4237-1 xmedcon - security update
{CVE-2025-2581}
[bullseye] - xmedcon 0.16.3+dfsg-1+deb11u2
@@ -333,10 +520,9 @@
{CVE-2024-56326 CVE-2025-27516}
[bullseye] - jinja2 2.11.3-1+deb11u3
[13 Apr 2025] DLA-4125-1 twitter-bootstrap4 - security update
- {CVE-2024-6531}
[bullseye] - twitter-bootstrap4 4.5.2+dfsg1-8~deb11u2
[13 Apr 2025] DLA-4124-1 twitter-bootstrap3 - security update
- {CVE-2024-6484 CVE-2024-6485}
+ {CVE-2024-6485}
[bullseye] - twitter-bootstrap3 3.4.1+dfsg-2+deb11u1
[12 Apr 2025] DLA-4123-1 wpa - security update
{CVE-2022-23303 CVE-2022-23304 CVE-2022-37660}
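Review bot: removing `{CVE-2024-6531}` leaves DLA-4125-1 with no CVE annotation while it is still titled "security update", and DLA-4124-1 loses CVE-2024-6484; nothing in the hunk explains either removal, so the commit message should record the reason.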
@@ -1883,7 +2069,7 @@
[07 Oct 2023] DLA-3607-1 gnome-boxes - security update
[buster] - gnome-boxes 3.30.3-2+deb10u1
[07 Oct 2023] DLA-3606-1 freerdp2 - security update
- {CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11042 CVE-2020-11043 CVE-2020-11044 CVE-2020-11045 CVE-2020-11046 CVE-2020-11047 CVE-2020-11048 CVE-2020-11049 CVE-2020-11058 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353 CVE-2023-39354 CVE-2023-39355 CVE-2023-39356 CVE-2023-40567 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40569 CVE-2023-40589}
+ {CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11042 CVE-2020-11043 CVE-2020-11044 CVE-2020-11045 CVE-2020-11046 CVE-2020-11047 CVE-2020-11048 CVE-2020-11049 CVE-2020-11058 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353 CVE-2023-39354 CVE-2023-39356 CVE-2023-40567 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40569 CVE-2023-40589}
[buster] - freerdp2 2.3.0+dfsg1-2+deb10u3
[06 Oct 2023] DLA-3605-1 grub2 - security update
{CVE-2023-4692 CVE-2023-4693}
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,137 @@
+[11 Sep 2025] DSA-6000-1 libcpanel-json-xs-perl - security update
+ {CVE-2025-40929}
+ [bookworm] - libcpanel-json-xs-perl 4.35-1+deb12u1
+ [trixie] - libcpanel-json-xs-perl 4.39-2~deb13u1
+[11 Sep 2025] DSA-5999-1 libjson-xs-perl - security update
+ {CVE-2025-40928}
+ [bookworm] - libjson-xs-perl 4.040-1~deb12u1
+ [trixie] - libjson-xs-perl 4.040-1~deb13u1
+[11 Sep 2025] DSA-5998-1 cups - security update
+ {CVE-2025-58060 CVE-2025-58364}
+ [bookworm] - cups 2.4.2-3+deb12u9
+ [trixie] - cups 2.4.10-3+deb13u1
+[12 Sep 2025] DSA-5997-1 imagemagick - security update
+ {CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u4
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
+[10 Sep 2025] DSA-5996-1 chromium - security update
+ {CVE-2025-10200 CVE-2025-10201}
+ [bookworm] - chromium 140.0.7339.127-1~deb12u1
+ [trixie] - chromium 140.0.7339.127-1~deb13u1
+[10 Sep 2025] DSA-5995-1 hsqldb1.8.0 - security update
+ {CVE-2023-1183}
+ [trixie] - hsqldb1.8.0 1.8.0.10+dfsg-12.1+deb13u1
+[07 Sep 2025] DSA-5994-1 shibboleth-sp - security update
+ {CVE-2025-9943}
+ [bookworm] - shibboleth-sp 3.4.1+dfsg-2+deb12u1
+ [trixie] - shibboleth-sp 3.5.0+dfsg-2+deb13u1
+[05 Sep 2025] DSA-5993-1 chromium - security update
+ {CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867}
+ [bookworm] - chromium 140.0.7339.80-1~deb12u1
+ [trixie] - chromium 140.0.7339.80-1~deb13u1
+[30 Aug 2025] DSA-5992-1 firebird4.0 - security update
+ {CVE-2025-24975 CVE-2025-54989}
+ [trixie] - firebird4.0 4.0.5.3140.ds6-17+deb13u1
+[29 Aug 2025] DSA-5991-1 nodejs - security update
+ {CVE-2023-46809 CVE-2024-21892 CVE-2024-22019 CVE-2024-22020 CVE-2024-22025 CVE-2024-27982 CVE-2024-27983 CVE-2025-47153}
+ [bookworm] - nodejs 18.20.4+dfsg-1~deb12u1
+[29 Aug 2025] DSA-5990-1 libxml2 - security update
+ [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u4
+ [trixie] - libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u1
+[28 Aug 2025] DSA-5989-1 udisks2 - security update
+ {CVE-2025-8067}
+ [bookworm] - udisks2 2.9.4-4+deb12u2
+ [trixie] - udisks2 2.10.1-12.1+deb13u1
+[27 Aug 2025] DSA-5988-1 chromium - security update
+ {CVE-2025-9478}
+ [bookworm] - chromium 139.0.7258.154-1~deb12u1
+ [trixie] - chromium 139.0.7258.154-1~deb13u1
+[27 Aug 2025] DSA-5987-1 unbound - security update
+ {CVE-2024-8508 CVE-2024-33655 CVE-2025-5994}
+ [bookworm] - unbound 1.17.1-2+deb12u3
+[26 Aug 2025] DSA-5986-1 node-cipher-base - security update
+ {CVE-2025-9287}
+ [bookworm] - node-cipher-base 1.0.4-6+deb12u1
+ [trixie] - node-cipher-base 1.0.4-6+deb13u1
+[25 Aug 2025] DSA-5985-1 ffmpeg - security update
+ {CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31582 CVE-2024-35367 CVE-2024-35368 CVE-2025-0518 CVE-2025-7700 CVE-2025-22919 CVE-2023-6605 CVE-2023-6602 CVE-2023-6604 CVE-2023-6601}
+ [bookworm] - ffmpeg 7:5.1.7-0+deb12u1
+[24 Aug 2025] DSA-5984-1 thunderbird - security update
+ {CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
+ [bookworm] - thunderbird 1:128.14.0esr-1~deb12u1
+ [trixie] - thunderbird 1:128.14.0esr-1~deb13u1
+[22 Aug 2025] DSA-5983-1 qemu - security update
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u15
+ [trixie] - qemu 1:10.0.2+ds-2+deb13u1
+[21 Aug 2025] DSA-5982-1 squid - security update
+ {CVE-2023-5824 CVE-2025-54574}
+ [bookworm] - squid 5.7-2+deb12u3
+[21 Aug 2025] DSA-5981-1 chromium - security update
+ {CVE-2025-9132}
+ [bookworm] - chromium 139.0.7258.138-1~deb12u1
+ [trixie] - chromium 139.0.7258.138-1~deb13u1
+[20 Aug 2025] DSA-5980-1 firefox-esr - security update
+ {CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
+ [bookworm] - firefox-esr 128.14.0esr-1~deb12u1
+ [trixie] - firefox-esr 128.14.0esr-1~deb13u1
+[19 Aug 2025] DSA-5979-1 libxslt - security update
+ {CVE-2023-40403 CVE-2025-7424}
+ [bookworm] - libxslt 1.1.35-1+deb12u2
+ [trixie] - libxslt 1.1.35-1.2+deb13u1
+[18 Aug 2025] DSA-5978-1 webkit2gtk - security update
+ {CVE-2025-6558 CVE-2025-31273 CVE-2025-31278 CVE-2025-43211 CVE-2025-43212 CVE-2025-43216 CVE-2025-43227 CVE-2025-43228 CVE-2025-43240 CVE-2025-43265}
+ [bookworm] - webkit2gtk 2.48.5-1~deb12u1
+ [trixie] - webkit2gtk 2.48.5-1~deb13u1
+[14 Aug 2025] DSA-5977-1 aide - security update
+ {CVE-2025-54389 CVE-2025-54409}
+ [bookworm] - aide 0.18.3-1+deb12u4
+ [trixie] - aide 0.19.1-2+deb13u1
+[14 Aug 2025] DSA-5976-1 chromium - security update
+ {CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901}
+ [bookworm] - chromium 139.0.7258.127-1~deb12u1
+ [trixie] - chromium 139.0.7258.127-1~deb13u1
+[13 Aug 2025] DSA-5975-1 linux - security update
+ {CVE-2025-22115 CVE-2025-27558 CVE-2025-37925 CVE-2025-37984 CVE-2025-38067 CVE-2025-38104 CVE-2025-38335 CVE-2025-38349 CVE-2025-38351 CVE-2025-38437 CVE-2025-38438 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450 CVE-2025-38451 CVE-2025-38452 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38469 CVE-2025-38470 CVE-2025-38471 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484 CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38499 CVE-2025-38500}
+ [trixie] - linux 6.12.41-1
+[13 Aug 2025] DSA-5974-1 pgpool2 - security update
+ {CVE-2024-45624 CVE-2025-46801}
+ [bookworm] - pgpool2 4.3.5-1+deb12u1
+[12 Aug 2025] DSA-5973-1 linux - security update
+ {CVE-2024-36350 CVE-2024-36357 CVE-2024-36913 CVE-2024-41013 CVE-2024-56758 CVE-2024-57883 CVE-2025-21816 CVE-2025-22119 CVE-2025-27558 CVE-2025-37958 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38031 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38065 CVE-2025-38066 CVE-2025-38067 CVE-2025-38068 CVE-2025-38071 CVE-2025-38072 CVE-2025-38074 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38088 CVE-2025-38090 CVE-2025-38097 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38124 CVE-2025-38126 CVE-2025-38131 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38148 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38165 CVE-2025-38166 CVE-2025-38167 CVE-2025-38170 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38183 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38191 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38215 CVE-2025-38218 CVE-2025-38219 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38245 CVE-2025-38249 CVE-2025-38251 CVE-2025-38257 CVE-2025-38259 CVE-2025-38260 CVE-2025-38262 CVE-2025-38263 CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38280 CVE-2025-38282 CVE-2025-38285 CVE-2025-38286 CVE-2025-38293 CVE-2025-38298 CVE-2025-38300 CVE-2025-38304 
CVE-2025-38305 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38331 CVE-2025-38332 CVE-2025-38334 CVE-2025-38336 CVE-2025-38337 CVE-2025-38342 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38350 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38371 CVE-2025-38375 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38422 CVE-2025-38424 CVE-2025-38425 CVE-2025-38428 CVE-2025-38430 CVE-2025-38437 CVE-2025-38439 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38448 CVE-2025-38451 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499}
+ [bookworm] - linux 6.1.147-1
+[12 Aug 2025] DSA-5972-1 openjdk-17 - security update
+ {CVE-2025-30749 CVE-2025-30754 CVE-2025-50059 CVE-2025-50106}
+ [bookworm] - openjdk-17 17.0.16+8-1~deb12u1
+[06 Aug 2025] DSA-5971-1 chromium - security update
+ {CVE-2025-8576 CVE-2025-8577 CVE-2025-8578 CVE-2025-8579 CVE-2025-8580 CVE-2025-8581 CVE-2025-8582 CVE-2025-8583}
+ [bookworm] - chromium 139.0.7258.66-1~deb12u1
+[31 Jul 2025] DSA-5970-1 sope - security update
+ {CVE-2025-53603}
+ [bookworm] - sope 5.8.0-1+deb12u1
+[31 Jul 2025] DSA-5969-1 redis - security update
+ {CVE-2025-27151 CVE-2025-32023 CVE-2025-48367}
+ [bookworm] - redis 5:7.0.15-1~deb12u5
+[30 Jul 2025] DSA-5968-1 chromium - security update
+ {CVE-2025-8292}
+ [bookworm] - chromium 138.0.7204.183-1~deb12u1
+[28 Jul 2025] DSA-5967-1 php8.2 - security update
+ {CVE-2025-1220 CVE-2025-1735 CVE-2025-6491}
+ [bookworm] - php8.2 8.2.29-1~deb12u1
+[27 Jul 2025] DSA-5966-1 thunderbird - security update
+ {CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031 CVE-2025-8032 CVE-2025-8033 CVE-2025-8034 CVE-2025-8035}
+ [bookworm] - thunderbird 1:128.13.0esr-1~deb12u1
+[24 Jul 2025] DSA-5965-1 chromium - security update
+ {CVE-2025-8010 CVE-2025-8011}
+ [bookworm] - chromium 138.0.7204.168-1~deb12u1
+[23 Jul 2025] DSA-5964-1 firefox-esr - security update
+ {CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031 CVE-2025-8032 CVE-2025-8033 CVE-2025-8034 CVE-2025-8035}
+ [bookworm] - firefox-esr 128.13.0esr-1~deb12u1
+[17 Jul 2025] DSA-5963-1 chromium - security update
+ {CVE-2025-6558 CVE-2025-7656 CVE-2025-7657}
+ [bookworm] - chromium 138.0.7204.157-1~deb12u1
+[16 Jul 2025] DSA-5962-1 gnutls28 - security update
+ {CVE-2025-6395 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990}
+ [bookworm] - gnutls28 3.7.9-2+deb12u5
[08 Jul 2025] DSA-5961-1 slurm-wlm - security update
{CVE-2025-43904}
[bookworm] - slurm-wlm 22.05.8-4+deb12u3
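Review bot: DSA-5997-1 (imagemagick) is dated 12 Sep 2025 but sits between DSA-5998-1 (11 Sep) and DSA-5996-1 (10 Sep), so either the date or the placement needs checking. In DSA-5985-1 (ffmpeg) the CVE list ends with `CVE-2025-22919 CVE-2023-6605 CVE-2023-6602 CVE-2023-6604 CVE-2023-6601`, which breaks the ascending order the other entries in this hunk follow.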
@@ -230,7 +364,7 @@
{CVE-2025-25184 CVE-2025-27111 CVE-2025-27610}
[bookworm] - ruby-rack 2.2.13-1~deb12u1
[23 Mar 2025] DSA-5885-1 webkit2gtk - security update
- {CVE-2024-44192 CVE-2024-54467 CVE-2025-24201}
+ {CVE-2024-44192 CVE-2024-54467 CVE-2025-24201 CVE-2025-24189}
[bookworm] - webkit2gtk 2.48.0-1~deb12u1
[23 Mar 2025] DSA-5884-1 libxslt - security update
{CVE-2024-55549 CVE-2025-24855}
@@ -15882,7 +16016,7 @@
[13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities
{CVE-2007-1558 CVE-2007-2867 CVE-2007-2868}
[etch] - icedove 1.5.0.12.dfsg1-0etch1
-[16 Jun 2007] DSA-1304 kernel-source-2.6.8 - several
+[16 Jun 2007] DSA-1304-1 kernel-source-2.6.8 - several
{CVE-2005-4811 CVE-2006-4814 CVE-2006-4623 CVE-2006-5753 CVE-2006-5754 CVE-2006-5757 CVE-2006-6053 CVE-2006-6056 CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
[sarge] - kernel-source-2.6.8 2.6.8-16sarge7
[10 Jun 2007] DSA-1303-1 lighttpd - denial of service
@@ -16027,7 +16161,7 @@
[16 Feb 2007] DSA-1261-1 postgresql
{CVE-2007-0555}
[sarge] - postgresql 7.4.7-6sarge4
-[14 Feb 2007] DSA-1260 imagemagick
+[14 Feb 2007] DSA-1260-1 imagemagick
{CVE-2007-0770}
[sarge] - imagemagick 6:6.0.6.2-2.9
[14 Feb 2007] DSA-1259-1 fetchmail
@@ -16036,7 +16170,7 @@
[07 Feb 2007] DSA-1258-1 mozilla-thunderbird
{CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2
-[05 Feb 2007] DSA-1257 samba
+[05 Feb 2007] DSA-1257-1 samba
{CVE-2007-0452 CVE-2007-0454}
[sarge] - samba 3.0.14a-3sarge4
[31 Jan 2007] DSA-1256-1 gtk+2.0
@@ -16097,9 +16231,9 @@
[17 Dec 2006] DSA-1238-1 clamav
{CVE-2006-6406 CVE-2006-6481}
[sarge] - clamav 0.84-2.sarge.13
-[17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several
+[17 Dec 2006] DSA-1237-1 kernel-source-2.4.27 - several
{CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871}
- [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
+ [sarge] - kernel-source-2.4.27 2.4.27-10sarge5
[13 Dec 2006] DSA-1236-1 enemies-of-carlotta
{CVE-2006-5875}
[sarge] - enemies-of-carlotta 1.0.3-1sarge1
@@ -16109,7 +16243,7 @@
[13 Dec 2006] DSA-1234-1 ruby1.6
{CVE-2006-5467}
[sarge] - ruby1.6 1.6.8-12sarge3
-[10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several
+[10 Dec 2006] DSA-1233-1 kernel-source-2.6.8 - several
{CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871}
[sarge] - kernel-source-2.6.8 2.6.8-16sarge6
[09 Dec 2006] DSA-1232-1 clamav
@@ -16148,40 +16282,43 @@
[30 Nov 2006] DSA-1221-1 libgsf
{CVE-2006-4514}
[sarge] - libgsf 1.11.1-1sarge1
-[27 Nov 2006] DSA-1220 pstotext
+[27 Nov 2006] DSA-1220-1 pstotext
{CVE-2006-5869}
[sarge] - pstotext 1.9-1sarge2
-[27 Nov 2006] DSA-1219 texinfo
+[27 Nov 2006] DSA-1219-1 texinfo
{CVE-2005-3011 CVE-2006-4810}
[sarge] - texinfo 4.7-2.2sarge2
-[21 Nov 2006] DSA-1218 proftpd
+[21 Nov 2006] DSA-1218-1 proftpd
{CVE-2006-6171}
[sarge] - proftpd 1.2.10-15sarge2
-[20 Nov 2006] DSA-1217 linux-ftpd
+[20 Nov 2006] DSA-1217-1 linux-ftpd
{CVE-2006-5778 CVE-2006-6008}
[sarge] - linux-ftpd 0.17-20sarge2
-[20 Nov 2006] DSA-1216 flexbackup
+[20 Nov 2006] DSA-1216-1 flexbackup
{CVE-2005-4802}
[sarge] - flexbackup 1.2.1-2sarge1
-[20 Nov 2006] DSA-1215 xine-lib
+[20 Nov 2006] DSA-1215-1 xine-lib
{CVE-2006-4799 CVE-2006-4800}
[sarge] - xine-lib 1.0.1-1sarge4
-[20 Nov 2006] DSA-1214 gv
+[27 Dec 2006] DSA-1214-2 gv
{CVE-2006-5864}
[sarge] - gv 1:3.6.1-10sarge2
-[19 Nov 2006] DSA-1213 imagemagick
+[20 Nov 2006] DSA-1214-1 gv
+ {CVE-2006-5864}
+ [sarge] - gv 1:3.6.1-10sarge1
+[19 Nov 2006] DSA-1213-1 imagemagick
{CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868}
[sarge] - imagemagick 6:6.0.6.2-2.8
-[15 Nov 2006] DSA-1212 openssh
+[15 Nov 2006] DSA-1212-1 openssh
{CVE-2006-4924 CVE-2006-5051}
[sarge] - openssh 1:3.8.1p1-8.sarge.6
-[14 Nov 2006] DSA-1211 pdns
+[14 Nov 2006] DSA-1211-1 pdns
{CVE-2006-4251}
[sarge] - pdns 2.9.17-13sarge3
-[14 Nov 2006] DSA-1210 mozilla-firefox
+[14 Nov 2006] DSA-1210-1 mozilla-firefox
{CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571}
[sarge] - mozilla-firefox 1.0.4-2sarge12
-[12 Nov 2006] DSA-1209 trac
+[12 Nov 2006] DSA-1209-1 trac
{CVE-2006-5878}
[sarge] - trac 0.8.1-3sarge6
[11 Nov 2006] DSA-1208-1 bugzilla
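Review bot: The DSA-1214 gv change alters data rather than just adding a suffix: the existing entry is relabelled DSA-1214-2 and redated from 20 Nov 2006 to 27 Dec 2006 while keeping 1:3.6.1-10sarge2, and a new DSA-1214-1 entry is added with 1:3.6.1-10sarge1. Both dates and the 10sarge1 version should be confirmed against the two advisories, since nothing else in the hunk supports them. The 27 Dec 2006 line also now sits between entries dated 20 Nov 2006, so if anything consuming this list relies on date order, state in the commit message that revisions are grouped with their base advisory number.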
@@ -16290,13 +16427,13 @@
[09 Sep 2006] DSA-1172-1 bind9 - programming error
{CVE-2006-4095 CVE-2006-4096}
[sarge] - bind9 1:9.2.4-1sarge1
-[07 Sep 2006] DSA-1171 ethereal - several
+[07 Sep 2006] DSA-1171-1 ethereal - several
{CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248 CVE-2005-3249}
[sarge] - ethereal 0.10.10-2sarge8
-[06 Sep 2006] DSA-1170 gcc-3.4 - missing sanity check
+[06 Sep 2006] DSA-1170-1 gcc-3.4 - missing sanity check
{CVE-2006-3619}
[sarge] - gcc-3.4 3.4.3-13sarge1
-[05 Sep 2006] DSA-1169 mysql-dfsg-4.1 - several
+[05 Sep 2006] DSA-1169-1 mysql-dfsg-4.1 - several
{CVE-2006-4226 CVE-2006-4380}
[sarge] - mysql-dfsg-4.1 4.1.11a-4sarge7
[04 Sep 2006] DSA-1168-1 imagemagick
@@ -16305,50 +16442,50 @@
[04 Sep 2006] DSA-1167-1 apache - missing input sanitising
{CVE-2005-3352 CVE-2006-3918}
[sarge] - apache 1.3.33-6sarge3
-[03 Sep 2006] DSA-1166 cheesetracker - buffer overflow
+[03 Sep 2006] DSA-1166-1 cheesetracker - buffer overflow
{CVE-2006-3814}
[sarge] - cheesetracker 0.9.9-1sarge1
-[01 Sep 2006] DSA-1165 capi4hylafax - missing input sanitising
+[01 Sep 2006] DSA-1165-1 capi4hylafax - missing input sanitising
{CVE-2006-3126}
[sarge] - capi4hylafax 1:01.02.03-10sarge2
-[31 Aug 2006] DSA-1164 sendmail - programming error
+[31 Aug 2006] DSA-1164-1 sendmail - programming error
{CVE-2006-4434}
[sarge] - sendmail 8.13.4-3sarge3
-[30 Aug 2006] DSA-1163 gtetrinet - programming error
+[30 Aug 2006] DSA-1163-1 gtetrinet - programming error
{CVE-2006-3125}
[sarge] - gtetrinet 0.7.8-1sarge2
-[30 Aug 2006] DSA-1162 libmusicbrainz-2.0 - buffer overflows
+[30 Aug 2006] DSA-1162-1 libmusicbrainz-2.0 - buffer overflows
{CVE-2006-4197}
[sarge] - libmusicbrainz-2.1 2.1.1-3sarge1
[sarge] - libmusicbrainz-2.0 2.0.2-10sarge1
-[29 Aug 2006] DSA-1161 mozilla-firefox - several vulnerabilities
+[29 Aug 2006] DSA-1161-1 mozilla-firefox - several vulnerabilities
{CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
[sarge] - mozilla-firefox 1.0.4-2sarge11
-[29 Aug 2006] DSA-1160 mozilla - several
+[29 Aug 2006] DSA-1160-1 mozilla - several
{CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3811}
[sarge] - mozilla 2:1.7.8-1sarge7.2.2
-[28 Aug 2006] DSA-1159 mozilla-thunderbird - several
+[28 Aug 2006] DSA-1159-1 mozilla-thunderbird - several
{CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811}
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8b.1
-[27 Aug 2006] DSA-1158 streamripper
+[27 Aug 2006] DSA-1158-1 streamripper
{CVE-2006-3124}
[sarge] - streamripper 1.61.7-1sarge1
-[27 Aug 2006] DSA-1157 ruby1.8
+[27 Aug 2006] DSA-1157-1 ruby1.8
{CVE-2006-3694 CVE-2006-1931}
[sarge] - ruby1.8 1.8.2-7sarge4
-[27 Aug 2006] DSA-1156 kdebase
+[27 Aug 2006] DSA-1156-1 kdebase
{CVE-2006-2449}
[sarge] - kdebase 4:3.3.2-1sarge3
-[24 Aug 2006] DSA-1155 sendmail - programming error
+[24 Aug 2006] DSA-1155-1 sendmail - programming error
{CVE-2006-1173}
[sarge] - sendmail 8.13.4-3sarge2
-[20 Aug 2006] DSA-1154 squirrelmail - variable overwriting
+[20 Aug 2006] DSA-1154-1 squirrelmail - variable overwriting
{CVE-2006-4019}
[sarge] - squirrelmail 2:1.4.4-9
-[18 Aug 2006] DSA-1153 clamav - buffer overflow
+[18 Aug 2006] DSA-1153-1 clamav - buffer overflow
{CVE-2006-4018}
[sarge] - clamav 0.84-2.sarge.10
-[18 Aug 2006] DSA-1152 trac - missing input sanitising
+[18 Aug 2006] DSA-1152-1 trac - missing input sanitising
{CVE-2006-3695}
[sarge] - trac 0.8.1-3sarge5
[15 Aug 2006] DSA-1151-1 heartbeat - out-of-bounds read
@@ -16417,98 +16554,98 @@
[30 Jul 2006] DSA-1130-1 sitebar - missing input validation
{CVE-2006-3320}
[sarge] - sitebar 3.2.6-7.1
-[28 Jul 2006] DSA-1129 osiris - format string
+[28 Jul 2006] DSA-1129-1 osiris - format string
{CVE-2006-3120}
[sarge] - osiris 4.0.6-1sarge1
-[28 Jul 2006] DSA-1128 heartbeat - permission error
+[28 Jul 2006] DSA-1128-1 heartbeat - permission error
{CVE-2006-3815}
[sarge] - heartbeat 1.2.3-9sarge5
-[28 Jul 2006] DSA-1127 ethereal - several
+[28 Jul 2006] DSA-1127-1 ethereal - several
{CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632}
[sarge] - ethereal 0.10.10-2sarge6
-[27 Jul 2006] DSA-1126 asterisk - several
+[27 Jul 2006] DSA-1126-1 asterisk - several
{CVE-2006-2898}
[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge3
-[26 Jul 2006] DSA-1125 drupal - several
+[26 Jul 2006] DSA-1125-1 drupal - several
{CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833}
[sarge] - drupal 4.5.3-6.1sarge1
-[24 Jul 2006] DSA-1124 fbi - typo
+[24 Jul 2006] DSA-1124-1 fbi - typo
{CVE-2006-3119}
[sarge] - fbi 2.01-1.2sarge2
-[24 Jul 2006] DSA-1123 libdumb - buffer overflow
+[24 Jul 2006] DSA-1123-1 libdumb - buffer overflow
{CVE-2006-3668}
[sarge] - libdumb 1:0.9.2-6
-[24 Jul 2006] DSA-1122 libnet-server-perl - format string
+[24 Jul 2006] DSA-1122-1 libnet-server-perl - format string
{CVE-2005-1127}
[sarge] - libnet-server-perl 0.87-3sarge1
-[24 Jul 2006] DSA-1121 postgrey - format string
+[24 Jul 2006] DSA-1121-1 postgrey - format string
{CVE-2005-1127}
[sarge] - postgrey 1.21-1sarge1
NOTE: also fixed in 1.21-1volatile4
-[23 Jul 2006] DSA-1120 mozilla-firefox - several vulnerabilities
+[23 Jul 2006] DSA-1120-1 mozilla-firefox - several vulnerabilities
{CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
[sarge] - mozilla-firefox 1.0.4-2sarge9
-[23 Jul 2006] DSA-1119 hiki - design flaw
+[23 Jul 2006] DSA-1119-1 hiki - design flaw
{CVE-2006-3379}
[sarge] - hiki 0.6.5-2
-[22 Jul 2006] DSA-1118 mozilla - several
+[22 Jul 2006] DSA-1118-1 mozilla - several
{CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
[sarge] - mozilla 2:1.7.8-1sarge7.1
-[21 Jul 2006] DSA-1117 libgd2 - insufficient input sanitising
+[21 Jul 2006] DSA-1117-1 libgd2 - insufficient input sanitising
{CVE-2006-2906}
[sarge] - libgd2 2.0.33-1.1sarge1
-[21 Jul 2006] DSA-1116 gimp - buffer overflow
+[21 Jul 2006] DSA-1116-1 gimp - buffer overflow
{CVE-2006-3404}
[sarge] - gimp 2.2.6-1sarge1
-[21 Jul 2006] DSA-1115 gnupg2 - integer overflow
+[21 Jul 2006] DSA-1115-1 gnupg2 - integer overflow
{CVE-2006-3082}
[sarge] - gnupg 1.4.1-1.sarge4
[sarge] - gnupg2 1.9.15-6sarge1
-[21 Jul 2006] DSA-1114 hashcash - buffer overflow
+[21 Jul 2006] DSA-1114-1 hashcash - buffer overflow
{CVE-2006-3251}
[sarge] - hashcash 1.17-1sarge1
-[18 Jul 2006] DSA-1113 zope2.7 - programming error
+[18 Jul 2006] DSA-1113-1 zope2.7 - programming error
{CVE-2006-3458}
[sarge] - zope2.7 2.7.5-2sarge2
-[18 Jul 2006] DSA-1112 mysql-dfsg-4.1 - several vulnerabilities
+[18 Jul 2006] DSA-1112-1 mysql-dfsg-4.1 - several vulnerabilities
{CVE-2006-3081 CVE-2006-3469}
[sarge] - mysql-dfsg-4.1 4.1.11a-4sarge5
-[16 Jul 2006] DSA-1111 kernel-source-2.6.8 - race condition
+[16 Jul 2006] DSA-1111-1 kernel-source-2.6.8 - race condition
{CVE-2006-3626}
[sarge] - kernel-source-2.6.8 2.6.8-16sarge4
-[16 Jul 2006] DSA-1110 samba - missing input sanitising
+[16 Jul 2006] DSA-1110-1 samba - missing input sanitising
{CVE-2006-3403}
[sarge] - samba 3.0.14a-3sarge2
-[16 Jul 2006] DSA-1109 rssh - programming error
+[16 Jul 2006] DSA-1109-1 rssh - programming error
{CVE-2006-1320}
[sarge] - rssh 2.2.3-1.sarge.2
-[11 Jul 2006] DSA-1108 mutt - buffer overflow
+[11 Jul 2006] DSA-1108-1 mutt - buffer overflow
{CVE-2006-3242}
[sarge] - mutt 1.5.9-2sarge2
-[10 Jul 2006] DSA-1107 gnupg - integer overflow
+[10 Jul 2006] DSA-1107-1 gnupg - integer overflow
{CVE-2006-3082}
[sarge] - gnupg 1.4.1-1.sarge4
-[10 Jul 2006] DSA-1106 ppp - programming error
+[10 Jul 2006] DSA-1106-1 ppp - programming error
{CVE-2006-2194}
[sarge] - ppp 2.4.3-20050321+2sarge1
-[07 Jul 2006] DSA-1105 xine-lib - buffer overflow
+[07 Jul 2006] DSA-1105-1 xine-lib - buffer overflow
{CVE-2006-2802}
[woody] - xine-lib 0.9.8-2woody5
[sarge] - xine-lib 1.0.1-1sarge3
-[30 Jun 2006] DSA-1104 openoffice.org - several vulnerabilities
+[30 Jun 2006] DSA-1104-1 openoffice.org - several vulnerabilities
{CVE-2006-2198 CVE-2006-2199 CVE-2006-3117}
[sarge] - openoffice.org 1.1.3-9sarge3
-[27 Jun 2006] DSA-1103 kernel-source-2.6.8 - several vulnerabilities
+[27 Jun 2006] DSA-1103-1 kernel-source-2.6.8 - several vulnerabilities
{CVE-2005-3359 CVE-2006-0038 CVE-2006-0039 CVE-2006-0456 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0558 CVE-2006-0741 CVE-2006-0742 CVE-2006-0744 CVE-2006-1056 CVE-2006-1242 CVE-2006-1368 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274}
[sarge] - kernel-source-2.6.8 2.6.8-16sarge3
-[26 Jun 2006] DSA-1102 pinball - design error
+[26 Jun 2006] DSA-1102-1 pinball - design error
{CVE-2006-2196}
[sarge] - pinball 0.3.1-3sarge1
-[23 Jun 2006] DSA-1101 courier - programming error
+[23 Jun 2006] DSA-1101-1 courier - programming error
{CVE-2006-2659}
[woody] - courier 0.37.3-2.9
[sarge] - courier 0.47-4sarge5
-[15 Jun 2006] DSA-1100 wv2 - integer overflow
+[15 Jun 2006] DSA-1100-1 wv2 - integer overflow
{CVE-2006-2197}
[sarge] - wv2 0.2.2-1sarge1
[14 Jun 2006] DSA-1099-1 - horde2 - missing input sanitising
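Review bot: The unchanged context line that closes this hunk, "[14 Jun 2006] DSA-1099-1 - horde2 - missing input sanitising", has a stray " - " between the advisory id and the package name, unlike every other header here (for example "DSA-1100-1 wv2 - integer overflow"). Since this branch is cleaning up old DSA headers, fix that line as well so the header follows the "id package - description" shape used by the rest of the list.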
@@ -18834,295 +18971,295 @@
[30 Aug 2004] DSA-542-1 qt - unsanitised input
{CVE-2004-0691 CVE-2004-0692 CVE-2004-0693}
[woody] - qt-copy 3.0.3-20020329-1woody2
-[25 Aug 2004] DSA-541 icecast-server - cross site scripting
+[25 Aug 2004] DSA-541-1 icecast-server - cross site scripting
{CVE-2004-0781}
[woody] - icecast-server 1:1.3.11-4.2
-[18 Aug 2004] DSA-540 mysql-dfsg - insecure file creation
+[18 Aug 2004] DSA-540-1 mysql-dfsg - insecure file creation
{CVE-2004-0457}
[woody] - mysql 3.23.49-8.7
-[18 Aug 2004] DSA-539 kdelibs - denial of service
+[18 Aug 2004] DSA-539-1 kdelibs - denial of service
{CVE-2004-0689}
[woody] - kdelibs 4:2.2.2-13.woody.12
-[17 Aug 2004] DSA-538 rsync - unauthorised directory traversal and file access
+[17 Aug 2004] DSA-538-1 rsync - unauthorised directory traversal and file access
{CVE-2004-0792}
[woody] - rsync 2.5.5-0.6
-[16 Aug 2004] DSA-537 ruby - insecure file permissions
+[16 Aug 2004] DSA-537-1 ruby - insecure file permissions
{CVE-2004-0755}
[woody] - ruby 1.6.7-3woody3
-[04 Aug 2004] DSA-536 libpng - several vulnerabilities
+[04 Aug 2004] DSA-536-1 libpng - several vulnerabilities
{CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 CVE-2004-0768}
[woody] - libpng 1.0.12-3.woody.7
[woody] - libpng3 1.2.1-1.1.woody.7
-[02 Aug 2004] DSA-535 squirrelmail - several vulnerabilities
+[02 Aug 2004] DSA-535-1 squirrelmail - several vulnerabilities
{CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 CVE-2004-0639}
[woody] - squirrelmail 1:1.2.6-1.4
-[22 Jul 2004] DSA-534 mailreader - directory traversal
+[22 Jul 2004] DSA-534-1 mailreader - directory traversal
{CVE-2002-1581}
[woody] - mailreader 2.3.29-5woody1
-[22 Jul 2004] DSA-533 courier - cross-site scripting
+[22 Jul 2004] DSA-533-1 courier - cross-site scripting
{CVE-2004-0591}
[woody] - courier 0.37.3-2.5
-[22 Jul 2004] DSA-532 libapache-mod-ssl - several vulnerabilities
+[22 Jul 2004] DSA-532-1 libapache-mod-ssl - several vulnerabilities
{CVE-2004-0488 CVE-2004-0700}
[woody] - libapache-mod-ssl 2.8.9-2.4
-[20 Jul 2004] DSA-531 php4 - several vulnerabilities
+[20 Jul 2004] DSA-531-1 php4 - several vulnerabilities
{CVE-2004-0594 CVE-2004-0595}
[woody] - php4 4.1.2-7
-[17 Jul 2004] DSA-530 l2tpd - buffer overflow
+[17 Jul 2004] DSA-530-1 l2tpd - buffer overflow
{CVE-2004-0649}
[woody] - l2tpd 0.67-1.2
-[17 Jul 2004] DSA-529 netkit-telnet-ssl - format string
+[17 Jul 2004] DSA-529-1 netkit-telnet-ssl - format string
{CVE-2004-0640}
[woody] - netkit-telnet-ssl 0.17.17+0.1-2woody1
-[17 Jul 2004] DSA-528 ethereal - denial of service
+[17 Jul 2004] DSA-528-1 ethereal - denial of service
{CVE-2004-0635}
[woody] - ethereal 0.9.4-1woody8
-[03 Jul 2004] DSA-527 pavuk - buffer overflow
+[03 Jul 2004] DSA-527-1 pavuk - buffer overflow
{CVE-2004-0456}
NOTE: DSA is incorrect; pavuk is in sarge and unstable.
[woody] - pavuk 0.9pl28-1woody1
-[03 Jul 2004] DSA-526 webmin - several vulnerabilities
+[03 Jul 2004] DSA-526-1 webmin - several vulnerabilities
{CVE-2004-0582 CVE-2004-0583}
[woody] - webmin 0.94-7woody2
-[24 Jun 2004] DSA-525 apache - buffer overflow
+[24 Jun 2004] DSA-525-1 apache - buffer overflow
{CVE-2004-0492}
[woody] - apache 1.3.26-0woody5
-[19 Jun 2004] DSA-524 rlpr - several vulnerabilities
+[19 Jun 2004] DSA-524-1 rlpr - several vulnerabilities
{CVE-2004-0393 CVE-2004-0454}
[woody] - rlpr 2.02-7woody1
-[19 Jun 2004] DSA-523 www-sql - buffer overflow
+[19 Jun 2004] DSA-523-1 www-sql - buffer overflow
{CVE-2004-0455}
[woody] - www-sql 0.5.7-17woody1
-[19 Jun 2004] DSA-522 super - format string vulnerability
+[19 Jun 2004] DSA-522-1 super - format string vulnerability
{CVE-2004-0579}
[woody] - super 3.16.1-1.2
-[18 Jun 2004] DSA-521 sup - format string vulnerability
+[18 Jun 2004] DSA-521-1 sup - format string vulnerability
{CVE-2004-0451}
[woody] - sup 1.8-8woody2
-[16 Jun 2004] DSA-520 krb5 - buffer overflows
+[16 Jun 2004] DSA-520-1 krb5 - buffer overflows
{CVE-2004-0523}
[woody] - krb5 1.2.4-5woody5
-[15 Jun 2004] DSA-519 cvs - several vulnerabilities
+[15 Jun 2004] DSA-519-1 cvs - several vulnerabilities
{CVE-2004-0416 CVE-2004-0417 CVE-2004-0418}
[woody] - cvs 1.11.1p1debian-9woody7
-[14 Jun 2004] DSA-518 kdelibs - unsanitised input
+[14 Jun 2004] DSA-518-1 kdelibs - unsanitised input
{CVE-2004-0411}
[woody] - kdelibs 4:2.2.2-13.woody.10
-[10 Jun 2004] DSA-517 cvs - buffer overflow
+[10 Jun 2004] DSA-517-1 cvs - buffer overflow
{CVE-2004-0414}
[woody] - cvs 1.11.1p1debian-9woody6
-[07 Jun 2004] DSA-516 postgresql - buffer overflow
+[07 Jun 2004] DSA-516-1 postgresql - buffer overflow
{CVE-2004-0547}
[woody] - postgresql 7.2.1-2woody5
-[05 Jun 2004] DSA-515 lha - several vulnerabilities
+[05 Jun 2004] DSA-515-1 lha - several vulnerabilities
{CVE-2004-0234 CVE-2004-0235}
[woody] - lha 1.14i-2woody1
-[04 Jun 2004] DSA-514 kernel-image-sparc-2.2 - failing function and TLB flush
+[04 Jun 2004] DSA-514-1 kernel-image-sparc-2.2 - failing function and TLB flush
{CVE-2004-0077}
[woody] - kernel-source-2.2.20 2.2.20-5woody3
-[03 Jun 2004] DSA-513 log2mail - format string
+[03 Jun 2004] DSA-513-1 log2mail - format string
{CVE-2004-0450}
[woody] - log2mail 0.2.5.2
-[02 Jun 2004] DSA-512 gallery - unauthenticated access
+[02 Jun 2004] DSA-512-1 gallery - unauthenticated access
{CVE-2004-0522}
[woody] - gallery 1.2.5-8woody2
-[30 May 2004] DSA-511 ethereal - buffer overflows
+[30 May 2004] DSA-511-1 ethereal - buffer overflows
{CVE-2004-0176}
[woody] - ethereal 0.9.4-1woody7
-[29 May 2004] DSA-510 jftpgw - format string
+[29 May 2004] DSA-510-1 jftpgw - format string
{CVE-2004-0448}
[woody] - jftpgw 0.13.1-1woody1
-[29 May 2004] DSA-509 gatos - privilege escalation
+[29 May 2004] DSA-509-1 gatos - privilege escalation
{CVE-2004-0395}
[woody] - gatos 0.0.5-6woody1
-[22 May 2004] DSA-508 xpcd - buffer overflow
+[22 May 2004] DSA-508-1 xpcd - buffer overflow
{CVE-2004-0402}
[woody] - xpcd 2.08-8woody2
-[19 May 2004] DSA-507 cadaver - buffer overflow
+[19 May 2004] DSA-507-1 cadaver - buffer overflow
{CVE-2004-0398}
[woody] - cadaver 0.18.0-1woody3
-[19 May 2004] DSA-506 neon - buffer overflow
+[19 May 2004] DSA-506-1 neon - buffer overflow
{CVE-2004-0398}
[woody] - neon 0.19.3-2woody5
-[19 May 2004] DSA-505 cvs - heap overflow
+[19 May 2004] DSA-505-1 cvs - heap overflow
{CVE-2004-0396}
[woody] - cvs 1.11.1p1debian-9woody4
-[18 May 2004] DSA-504 heimdal - missing input sanitising
+[18 May 2004] DSA-504-1 heimdal - missing input sanitising
{CVE-2004-0434}
[woody] - heimdal 0.4e-7.woody.9
-[13 May 2004] DSA-503 mah-jong - missing argument check
+[13 May 2004] DSA-503-1 mah-jong - missing argument check
{CVE-2004-0458}
[woody] - mah-jong 1.4-3
-[11 May 2004] DSA-502 exim-tls - buffer overflow
+[11 May 2004] DSA-502-1 exim-tls - buffer overflow
{CVE-2004-0399 CVE-2004-0400}
[woody] - exim-tls 3.35-3woody2
-[07 May 2004] DSA-501 exim - buffer overflow
+[07 May 2004] DSA-501-1 exim - buffer overflow
{CVE-2004-0399 CVE-2004-0400}
[woody] - exim 3.35-1woody3
-[01 May 2004] DSA-500 flim - insecure temporary file
+[01 May 2004] DSA-500-1 flim - insecure temporary file
{CVE-2004-0422}
[woody] - flim 1.14.3-9woody1
-[01 May 2004] DSA-499 rsync - directory traversal
+[01 May 2004] DSA-499-1 rsync - directory traversal
{CVE-2004-0426}
[woody] - rsync 2.5.5-0.5
-[30 Apr 2004] DSA-498 libpng - out of bound access
+[30 Apr 2004] DSA-498-1 libpng - out of bound access
{CVE-2004-0421}
[woody] - libpng 1.0.12-3.woody.5
[woody] - libpng3 1.2.1-1.1.woody.5
-[29 Apr 2004] DSA-497 mc - several vulnerabilities
+[29 Apr 2004] DSA-497-1 mc - several vulnerabilities
{CVE-2004-0226 CVE-2004-0231 CVE-2004-0232}
[woody] - mc 4.5.55-1.2woody3
-[29 Apr 2004] DSA-496 eterm - missing input sanitising
+[29 Apr 2004] DSA-496-1 eterm - missing input sanitising
{CVE-2003-0068}
[woody] - eterm 0.9.2-0pre2002042903.3
-[26 Apr 2004] DSA-495 linux-kernel-2.4.16-arm - several vulnerabilities
+[26 Apr 2004] DSA-495-1 linux-kernel-2.4.16-arm - several vulnerabilities
{CVE-2003-0127 CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-source-2.4.16 2.4.16-1woody2
[woody] - kernel-patch-2.4.16-arm 20040419
[woody] - kernel-image-2.4.16-lart 20040419
[woody] - kernel-image-2.4.16-netwinder 20040419
[woody] - kernel-image-2.4.16-riscpc 20040419
-[21 Apr 2004] DSA-494 ident2 - buffer overflow
+[21 Apr 2004] DSA-494-1 ident2 - buffer overflow
{CVE-2004-0408}
[woody] - ident2 1.03-3woody1
-[21 Apr 2004] DSA-493 xchat - buffer overflow
+[21 Apr 2004] DSA-493-1 xchat - buffer overflow
{CVE-2004-0409}
[woody] - xchat 1.8.9-0woody3
-[18 Apr 2004] DSA-492 iproute - denial of service
+[18 Apr 2004] DSA-492-1 iproute - denial of service
{CVE-2003-0856}
[woody] - iproute 20010824-8woody1
-[17 Apr 2004] DSA-491 linux-kernel-2.4.19-mips - several vulnerabilities
+[17 Apr 2004] DSA-491-1 linux-kernel-2.4.19-mips - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-source-2.4.19 2.4.19-4.woody2
[woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody4
-[17 Apr 2004] DSA-490 zope - arbitrary code execution
+[17 Apr 2004] DSA-490-1 zope - arbitrary code execution
{CVE-2002-0688}
[woody] - zope 2.5.1-1woody1
-[17 Apr 2004] DSA-489 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
+[17 Apr 2004] DSA-489-1 linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-source-2.4.17 2.4.17-1woody3
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody6
[woody] - kernel-patch-2.4.17-mipsel 2.4.17-0.020226.2.woody6
-[16 Apr 2004] DSA-488 logcheck - insecure temporary directory
+[16 Apr 2004] DSA-488-1 logcheck - insecure temporary directory
{CVE-2004-0404}
[woody] - logcheck 1.1.1-13.1woody1
-[16 Apr 2004] DSA-487 neon - format string
+[16 Apr 2004] DSA-487-1 neon - format string
{CVE-2004-0179}
[woody] - neon 0.19.3-2woody3
-[16 Apr 2004] DSA-486 cvs - several vulnerabilities
+[16 Apr 2004] DSA-486-1 cvs - several vulnerabilities
{CVE-2004-0180 CVE-2004-0405}
[woody] - cvs 1.11.1p1debian-9woody2
-[14 Apr 2004] DSA-485 ssmtp - format string
+[14 Apr 2004] DSA-485-1 ssmtp - format string
{CVE-2004-0156}
[woody] - ssmtp 2.50.6.1
-[14 Apr 2004] DSA-484 xonix - failure to drop privileges
+[14 Apr 2004] DSA-484-1 xonix - failure to drop privileges
{CVE-2004-0157}
[woody] - xonix 1.4-19woody1
-[14 Apr 2004] DSA-483 mysql - insecure temporary file creation
+[14 Apr 2004] DSA-483-1 mysql - insecure temporary file creation
{CVE-2004-0381 CVE-2004-0388}
[woody] - mysql 3.23.49-8.6
-[14 Apr 2004] DSA-482 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
+[14 Apr 2004] DSA-482-1 linux-kernel-2.4.17-apus+s390 - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-source-2.4.17 2.4.17-1woody3
[woody] - kernel-patch-2.4.17-apus 2.4.17-5
[woody] - kernel-patch-2.4.17-s390 2.4.17-2.woody.4
[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.4
-[14 Apr 2004] DSA-481 linux-kernel-2.4.17-ia64 - several vulnerabilities
+[14 Apr 2004] DSA-481-1 linux-kernel-2.4.17-ia64 - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-image-2.4.17-ia64 011226.17
-[14 Apr 2004] DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
+[14 Apr 2004] DSA-480-1 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-image-2.4.17-hppa 32.4
[woody] - kernel-image-2.4.18-hppa 62.3
-[14 Apr 2004] DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
+[14 Apr 2004] DSA-479-1 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
{CVE-2004-0003 CVE-2004-0010 CVE-2004-0109 CVE-2004-0177 CVE-2004-0178}
[woody] - kernel-source-2.4.18 2.4.18-14.3
[woody] - kernel-image-2.4.18-1-alpha 2.4.18-15
[woody] - kernel-image-2.4.18-1-i386 2.4.18-13
[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody8
[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody5
-[06 Apr 2004] DSA-478 tcpdump - denial of service
+[06 Apr 2004] DSA-478-1 tcpdump - denial of service
{CVE-2004-0183 CVE-2004-0184}
[woody] - tcpdump 3.6.2-2.8
-[06 Apr 2004] DSA-477 xine-ui - insecure temporary file creation
+[06 Apr 2004] DSA-477-1 xine-ui - insecure temporary file creation
{CVE-2004-0372}
[woody] - xine-ui 0.9.8-5
-[06 Apr 2004] DSA-476 heimdal - cross-realm
+[06 Apr 2004] DSA-476-1 heimdal - cross-realm
{CVE-2004-0371}
[woody] - heimdal 0.4e-7.woody.8.1
-[05 Apr 2004] DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
+[05 Apr 2004] DSA-475-1 linux-kernel-2.4.18-hppa - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
[woody] - kernel-image-2.4.18-hppa 62.1
-[03 Apr 2004] DSA-474 squid - ACL bypass
+[03 Apr 2004] DSA-474-1 squid - ACL bypass
{CVE-2004-0189}
[woody] - squid 2.4.6-2woody2
-[03 Apr 2004] DSA-473 oftpd - denial of service
+[03 Apr 2004] DSA-473-1 oftpd - denial of service
{CVE-2004-0376}
[woody] - oftpd 0.3.6-6
-[03 Apr 2004] DSA-472 fte - several vulnerabilities
+[03 Apr 2004] DSA-472-1 fte - several vulnerabilities
{CVE-2003-0648}
[woody] - fte 0.49.13-15woody1
-[02 Apr 2004] DSA-471 interchange - missing input sanitising
+[02 Apr 2004] DSA-471-1 interchange - missing input sanitising
{CVE-2004-0374}
[woody] - interchange 4.8.3.20020306-1.woody.2
-[01 Apr 2004] DSA-470 linux-kernel-2.4.17-hppa - several vulnerabilities
+[01 Apr 2004] DSA-470-1 linux-kernel-2.4.17-hppa - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
[woody] - kernel-image-2.4.17-hppa 32.3
-[29 Mar 2004] DSA-469 pam-pgsql - missing input sanitising
+[29 Mar 2004] DSA-469-1 pam-pgsql - missing input sanitising
{CVE-2004-0366}
[woody] - pam-pgsql 0.5.2-3woody2
-[24 Mar 2004] DSA-468 emil - several vulnerabilities
+[24 Mar 2004] DSA-468-1 emil - several vulnerabilities
{CVE-2004-0152 CVE-2004-0153}
[woody] - emil 2.1.0-beta9-11woody1
-[23 Mar 2004] DSA-467 ecartis - several vulnerabilities
+[23 Mar 2004] DSA-467-1 ecartis - several vulnerabilities
{CVE-2003-0781 CVE-2003-0782}
[woody] - ecartis 0.129a+1.0.0-snap20020514-1.2
-[18 Mar 2004] DSA-466 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
+[18 Mar 2004] DSA-466-1 linux-kernel-2.2.10-powerpc-apus - failing function and TLB flush
{CVE-2004-0077}
[woody] - kernel-source-2.2.10 2.2.10-2
[woody] - kernel-image-2.2.10-powerpc-apus 2.2.10-13woody1
-[17 Mar 2004] DSA-465 openssl - several vulnerabilities
+[17 Mar 2004] DSA-465-1 openssl - several vulnerabilities
{CVE-2004-0079 CVE-2004-0081}
[woody] - openssl 0.9.6c-2.woody.6
[woody] - openssl094 0.9.4-6.woody.4
[woody] - openssl095 0.9.5a-6.woody.5
-[16 Mar 2004] DSA-464 gdk-pixbuf - broken image handling
+[16 Mar 2004] DSA-464-1 gdk-pixbuf - broken image handling
{CVE-2004-0111}
[woody] - gdk-pixbuf 0.17.0-2woody1
-[12 Mar 2004] DSA-463 samba - privilege escalation
+[12 Mar 2004] DSA-463-1 samba - privilege escalation
{CVE-2004-0186}
[woody] - samba 2.2.3a-13
-[12 Mar 2004] DSA-462 xitalk - missing privilege release
+[12 Mar 2004] DSA-462-1 xitalk - missing privilege release
{CVE-2004-0151}
[woody] - xitalk 1.1.11-9.1woody1
-[11 Mar 2004] DSA-461 calife - buffer overflow
+[11 Mar 2004] DSA-461-1 calife - buffer overflow
{CVE-2004-0188}
[woody] - calife 2.8.4c-1woody1
-[10 Mar 2004] DSA-460 sysstat - insecure temporary file
+[10 Mar 2004] DSA-460-1 sysstat - insecure temporary file
{CVE-2004-0108}
[woody] - sysstat 5.0.1-1
-[10 Mar 2004] DSA-459 kdelibs - cookie path traversal
+[10 Mar 2004] DSA-459-1 kdelibs - cookie path traversal
{CVE-2003-0592}
[woody] - kdelibs 4:2.2.2-6woody3
[woody] - kdelibs-crypto 4:2.2.2-13.woody.9
-[08 Mar 2004] DSA-457 wu-ftpd - several vulnerabilities
+[08 Mar 2004] DSA-457-1 wu-ftpd - several vulnerabilities
{CVE-2004-0148 CVE-2004-0185}
[woody] - wu-ftpd 2.6.2-3woody4
-[06 Mar 2004] DSA-456 linux-kernel-2.2.19-arm - failing function and TLB flush
+[06 Mar 2004] DSA-456-1 linux-kernel-2.2.19-arm - failing function and TLB flush
{CVE-2004-0077}
[woody] - kernel-source-2.2.19 2.2.19.1-4woody1
[woody] - kernel-patch-2.2.19-arm 20040303
[woody] - kernel-image-2.2.19-netwinder 20040303
[woody] - kernel-image-2.2.19-riscpc 20040303
-[03 Mar 2004] DSA-455 libxml - buffer overflows
+[03 Mar 2004] DSA-455-1 libxml - buffer overflows
{CVE-2004-0110}
[woody] - libxml 1.8.17-2woody1
[woody] - libxml2 2.4.19-4woody1
-[02 Mar 2004] DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
+[02 Mar 2004] DSA-454-1 linux-kernel-2.2.22-alpha - failing function and TLB flush
{CVE-2004-0077}
[woody] - kernel-source-2.2.22 2.2.22-1woody1
[woody] - kernel-image-2.2.22-alpha 2.2.22-2
-[02 Mar 2004] DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
+[02 Mar 2004] DSA-453-1 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush
{CVE-2004-0077}
[woody] - kernel-source-2.2.20 2.2.20-5woody3
[woody] - kernel-image-2.2.20-i386 2.2.20-5woody5
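Review bot: DSA-458 has no entry between "DSA-459-1 kdelibs" and "DSA-457-1 wu-ftpd" near the end of this hunk, the only gap in an otherwise continuous run from DSA-541 down to DSA-453. Please confirm that it is recorded elsewhere in the file and is not a missing entry that this cleanup should add. It would also help to state in the commit message how the "-1" revision was confirmed for each advisory in this range, because the rename is applied uniformly to roughly ninety headers.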
@@ -19134,995 +19271,998 @@
[woody] - kernel-image-2.2.20-mvme147 2.2.20-3
[woody] - kernel-image-2.2.20-mvme16x 2.2.20-3
[woody] - kernel-patch-2.2.20-powerpc 2.2.20-3woody1
-[29 Feb 2004] DSA-452 libapache-mod-python - denial of service
+[29 Feb 2004] DSA-452-1 libapache-mod-python - denial of service
{CVE-2003-0973}
[woody] - libapache-mod-python 2:2.7.8-0.0woody2
-[27 Feb 2004] DSA-451 xboing - buffer overflows
+[27 Feb 2004] DSA-451-1 xboing - buffer overflows
{CVE-2004-0149}
[woody] - xboing 2.4-26woody1
-[27 Feb 2004] DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities
+[27 Feb 2004] DSA-450-1 linux-kernel-2.4.19-mips - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
[woody] - kernel-source-2.4.19 2.4.19-0.020911.1.woody3
[woody] - kernel-patch-2.4.19-mips 2.4.19-4.woody1
-[24 Feb 2004] DSA-449 metamail - buffer overflow, format string bugs
+[24 Feb 2004] DSA-449-1 metamail - buffer overflow, format string bugs
{CVE-2004-0104 CVE-2004-0105}
[woody] - metamail 2.7-45woody.2
-[22 Feb 2004] DSA-448 pwlib - several vulnerabilities
+[22 Feb 2004] DSA-448-1 pwlib - several vulnerabilities
{CVE-2004-0097}
[woody] - pwlib 1.2.5-5woody1
-[22 Feb 2004] DSA-447 hsftp - format string
+[22 Feb 2004] DSA-447-1 hsftp - format string
{CVE-2004-0159}
[woody] - hsftp 1.11-1woody1
-[21 Feb 2004] DSA-446 synaesthesia - insecure file creation
+[21 Feb 2004] DSA-446-1 synaesthesia - insecure file creation
{CVE-2004-0160}
[woody] - synaesthesia 2.1-2.1woody1
-[21 Feb 2004] DSA-445 lbreakout2 - buffer overflow
+[21 Feb 2004] DSA-445-1 lbreakout2 - buffer overflow
{CVE-2004-0158}
[woody] - lbreakout2 2.2.2-1woody1
-[20 Feb 2004] DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check
+[20 Feb 2004] DSA-444-1 linux-kernel-2.4.17-ia64 - missing function return value check
{CVE-2004-0077}
[woody] - kernel-image-2.4.17-ia64 011226.16
-[19 Feb 2004] DSA-443 xfree86 - several vulnerabilities
+[19 Feb 2004] DSA-443-1 xfree86 - several vulnerabilities
{CVE-2003-0690 CVE-2004-0083 CVE-2004-0084 CVE-2004-0106 CVE-2004-0093 CVE-2004-0094}
[woody] - xfree86 4.1.0-16woody3
-[19 Feb 2004] DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
+[19 Feb 2004] DSA-442-1 linux-kernel-2.4.17-s390 - several vulnerabilities
{CVE-2003-0001 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364 CVE-2003-0961 CVE-2003-0985 CVE-2004-0077 CVE-2002-0429}
[woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.2
[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.3
-[18 Feb 2004] DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check
+[18 Feb 2004] DSA-441-1 linux-kernel-2.4.17-mips+mipsel - missing function return value check
{CVE-2004-0077}
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody5
-[18 Feb 2004] DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
+[18 Feb 2004] DSA-440-1 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
[woody] - kernel-source-2.4.17 2.4.17-4
[woody] - kernel-patch-2.4.17-apus 2.4.17-4
-[18 Feb 2004] DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities
+[18 Feb 2004] DSA-439-1 linux-kernel-2.4.16-arm - several vulnerabilities
{CVE-2003-0961 CVE-2003-0985 CVE-2004-0077}
[woody] - kernel-image-2.4.16-lart 2.4.16-20040204
[woody] - kernel-image-2.4.16-netwinder 2.4.16-20040204
[woody] - kernel-image-2.4.16-riscpc 2.4.16-20040204
[woody] - kernel-patch-2.4.16-arm 20040204
-[18 Feb 2004] DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
+[18 Feb 2004] DSA-438-1 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
{CVE-2004-0077}
[woody] - kernel-source-2.4.18 2.4.18-14.2
[woody] - kernel-image-2.4.18-1-alpha 2.4.18-14
[woody] - kernel-image-2.4.18-1-i386 2.4.18-12.2
[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody7
[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody4
-[11 Feb 2004] DSA-437 cgiemail - open mail relay
+[11 Feb 2004] DSA-437-1 cgiemail - open mail relay
{CVE-2002-1575}
[woody] - cgiemail 1.6-14woody1
-[08 Feb 2004] DSA-436 mailman - several vulnerabilities
+[08 Feb 2004] DSA-436-1 mailman - several vulnerabilities
{CVE-2003-0991 CVE-2003-0965 CVE-2003-0038}
[woody] - mailman 2.0.11-1woody7
-[06 Feb 2004] DSA-435 mpg123 - heap overflow
+[06 Feb 2004] DSA-435-1 mpg123 - heap overflow
{CVE-2003-0865}
[woody] - mpg123 0.59r-13woody2
-[05 Feb 2004] DSA-434 gaim - several vulnerabilities
+[05 Feb 2004] DSA-434-1 gaim - several vulnerabilities
{CVE-2004-0005 CVE-2004-0006 CVE-2004-0007 CVE-2004-0008}
[woody] - gaim 0.58-2.4
-[04 Feb 2004] DSA-433 kernel-patch-2.4.17-mips - integer overflow
+[04 Feb 2004] DSA-433-1 kernel-patch-2.4.17-mips - integer overflow
{CVE-2003-0961}
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody4
-[03 Feb 2004] DSA-432 crawl - buffer overflow
+[03 Feb 2004] DSA-432-1 crawl - buffer overflow
{CVE-2004-0103}
[woody] - crawl 4.0.0beta23-2woody1
-[01 Feb 2004] DSA-431 perl - information leak
+[01 Feb 2004] DSA-431-1 perl - information leak
{CVE-2003-0618}
[woody] - perl 5.6.1-8.6
-[28 Jan 2004] DSA-430 trr19 - missing privilege release
+[28 Jan 2004] DSA-430-1 trr19 - missing privilege release
{CVE-2004-0047}
[woody] - trr19 1.0beta5-15woody1
-[26 Jan 2004] DSA-429 gnupg - cryptographic weakness
+[26 Jan 2004] DSA-429-1 gnupg - cryptographic weakness
{CVE-2003-0971}
[woody] - gnupg 1.0.6-4woody1
-[20 Jan 2004] DSA-428 slocate - buffer overflow
+[20 Jan 2004] DSA-428-1 slocate - buffer overflow
{CVE-2003-0848}
[woody] - slocate 2.6-1.3.2
-[19 Jan 2004] DSA-427 linux-kernel-2.4.17-mips+mipsel - missing boundary check
+[19 Jan 2004] DSA-427-1 linux-kernel-2.4.17-mips+mipsel - missing boundary check
{CVE-2003-0985}
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody3
-[18 Jan 2004] DSA-426 netpbm-free - insecure temporary files
+[18 Jan 2004] DSA-426-1 netpbm-free - insecure temporary files
{CVE-2003-0924}
[woody] - netpbm-free 2:9.20-8.4
-[16 Jan 2004] DSA-425 tcpdump - multiple vulnerabilities
+[16 Jan 2004] DSA-425-1 tcpdump - multiple vulnerabilities
{CVE-2003-1029 CVE-2003-0989 CVE-2004-0055 CVE-2004-0057}
[woody] - tcpdump 3.6.2-2.7
-[16 Jan 2004] DSA-424 mc - buffer overflow
+[16 Jan 2004] DSA-424-1 mc - buffer overflow
{CVE-2003-1023}
[woody] - mc 4.5.55-1.2woody2
-[15 Jan 2004] DSA-423 linux-kernel-2.4.17-ia64 - several vulnerabilities
+[15 Jan 2004] DSA-423-1 linux-kernel-2.4.17-ia64 - several vulnerabilities
{CVE-2003-0001 CVE-2003-0018 CVE-2003-0127 CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0961 CVE-2003-0985}
[woody] - kernel-image-2.4.17-ia64 kernel-image-2.4.17-ia64
-[13 Jan 2004] DSA-422 cvs - remote vulnerability
+[13 Jan 2004] DSA-422-1 cvs - remote vulnerability
[woody] - cvs 1.11.11
-[12 Jan 2004] DSA-421 mod-auth-shadow - password expiration
+[12 Jan 2004] DSA-421-1 mod-auth-shadow - password expiration
{CVE-2004-0041}
[woody] - mod-auth-shadow 1.3-3.1woody.1
-[12 Jan 2004] DSA-420 jitterbug - improperly sanitised input
+[12 Jan 2004] DSA-420-1 jitterbug - improperly sanitised input
{CVE-2004-0028}
[woody] - jitterbug 1.6.2-4.2woody2
-[09 Jan 2004] DSA-419 phpgroupware - missing filename sanitising, SQL injection
+[09 Jan 2004] DSA-419-1 phpgroupware - missing filename sanitising, SQL injection
{CVE-2004-0016 CVE-2004-0017}
[woody] - phpgroupware 0.9.14-0.RC3.2.woody3
-[07 Jan 2004] DSA-418 vbox3 - privilege leak
+[07 Jan 2004] DSA-418-1 vbox3 - privilege leak
{CVE-2004-0015}
[woody] - vbox3 0.1.7.1
-[07 Jan 2004] DSA-417 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
+[07 Jan 2004] DSA-417-1 linux-kernel-2.4.18-powerpc+alpha - missing boundary check
{CVE-2003-0961 CVE-2003-0985}
[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody3
[woody] - kernel-image-2.4.18-1-alpha 2.4.18-12
-[06 Jan 2004] DSA-416 fsp - buffer overflow, directory traversal
+[06 Jan 2004] DSA-416-1 fsp - buffer overflow, directory traversal
{CVE-2003-1022 CVE-2004-0011}
[woody] - fsp 2.81.b3-3.1woody1
-[06 Jan 2004] DSA-415 zebra - denial of service
+[06 Jan 2004] DSA-415-1 zebra - denial of service
{CVE-2003-0795 CVE-2003-0858}
NOTE: [woody] - zebra 0.92a-5woody2
NOTE: (newer zebra source package is totally unrelated)
-[06 Jan 2004] DSA-414 jabber - denial of service
+[06 Jan 2004] DSA-414-1 jabber - denial of service
{CVE-2004-0013}
[woody] - jabber 1.4.2a-1.1woody1
-[06 Jan 2004] DSA-413 linux-kernel-2.4.18 - missing boundary check
+[06 Jan 2004] DSA-413-1 linux-kernel-2.4.18 - missing boundary check
{CVE-2003-0985}
[woody] - kernel-source-2.4.18 2.4.18-14.1
[woody] - kernel-image-2.4.18-1-i386 2.4.18-12.1
-[05 Jan 2004] DSA-412 nd - buffer overflows
+[05 Jan 2004] DSA-412-1 nd - buffer overflows
{CVE-2004-0014}
[woody] - nd 0.5.0-1woody1
-[05 Jan 2004] DSA-411 mpg321 - format string vulnerability
+[05 Jan 2004] DSA-411-1 mpg321 - format string vulnerability
{CVE-2003-0969}
[woody] - mpg321 0.2.10.2
-[05 Jan 2004] DSA-410 libnids - buffer overflow
+[05 Jan 2004] DSA-410-1 libnids - buffer overflow
{CVE-2003-0850}
[woody] - libnids 1.16-3woody1
-[05 Jan 2004] DSA-409 bind - denial of service
+[05 Jan 2004] DSA-409-1 bind - denial of service
{CVE-2003-0914}
[woody] - bind 1:8.3.3-2.0woody2
-[05 Jan 2004] DSA-408 screen - integer overflow
+[05 Jan 2004] DSA-408-1 screen - integer overflow
{CVE-2003-0972}
[woody] - screen 3.9.11-5woody1
-[05 Jan 2004] DSA-407 ethereal - buffer overflows
+[05 Jan 2004] DSA-407-1 ethereal - buffer overflows
{CVE-2003-0925 CVE-2003-0926 CVE-2003-0927 CVE-2003-1012 CVE-2003-1013}
[woody] - ethereal 0.9.4-1woody6
-[05 Jan 2004] DSA-406 lftp - buffer overflow
+[05 Jan 2004] DSA-406-1 lftp - buffer overflow
{CVE-2003-0963}
[woody] - lftp 2.4.9-1woody2
-[30 Dec 2003] DSA-405 xsok - missing privilege release
+[30 Dec 2003] DSA-405-1 xsok - missing privilege release
{CVE-2003-0949}
[woody] - xsok 1.02-9woody2
-[04 Dec 2003] DSA-404 rsync - heap overflow
+[04 Dec 2003] DSA-404-1 rsync - heap overflow
{CVE-2003-0962}
[woody] - rsync 2.5.5-0.2
-[01 Dec 2003] DSA-403 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
+[01 Dec 2003] DSA-403-1 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
{CVE-2003-0961}
[woody] - kernel-image-2.4.18-1-alpha 2.4.18-11
[woody] - kernel-image-2.4.18-1-i386 2.4.18-12
[woody] - kernel-source-2.4.18 2.4.18-14
-[17 Nov 2003] DSA-402 minimalist - unsanitised input
+[17 Nov 2003] DSA-402-1 minimalist - unsanitised input
{CVE-2003-0902}
[woody] - minimalist 2.2-4
-[17 Nov 2003] DSA-401 hylafax - format strings
+[17 Nov 2003] DSA-401-1 hylafax - format strings
{CVE-2003-0886}
[woody] - hylafax 4.1.1-1.3
-[11 Nov 2003] DSA-400 omega-rpg - buffer overflow
+[11 Nov 2003] DSA-400-1 omega-rpg - buffer overflow
{CVE-2003-0932}
[woody] - omega-rpg 0.90-pa9-7woody1
-[10 Nov 2003] DSA-399 epic4 - buffer overflow
+[10 Nov 2003] DSA-399-1 epic4 - buffer overflow
{CVE-2003-0328}
[woody] - epic4 1.1.2.20020219-2.2
-[10 Nov 2003] DSA-398 conquest - buffer overflow
+[10 Nov 2003] DSA-398-1 conquest - buffer overflow
{CVE-2003-0933}
[woody] - conquest 7.1.1-6woody1
-[07 Nov 2003] DSA-397 postgresql - buffer overflow
+[07 Nov 2003] DSA-397-1 postgresql - buffer overflow
{CVE-2003-0901}
[woody] - postgresql 7.2.1-2woody4
-[29 Oct 2003] DSA-396 thttpd - missing input sanitizing, wrong calculation
+[29 Oct 2003] DSA-396-1 thttpd - missing input sanitizing, wrong calculation
{CVE-2002-1562 CVE-2003-0899}
[woody] - thttpd 2.21b-11.2
-[15 Oct 2003] DSA-395 tomcat4 - incorrect input handling
+[15 Oct 2003] DSA-395-1 tomcat4 - incorrect input handling
{CVE-2003-0866}
[woody] - tomcat4 4.0.3-3woody3
-[11 Oct 2003] DSA-394 openssl095 - ASN.1 parsing vulnerability
+[11 Oct 2003] DSA-394-1 openssl095 - ASN.1 parsing vulnerability
{CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
[woody] - openssl095 0.9.5a-6.woody.3
-[01 Oct 2003] DSA-393 openssl - denial of service
+[01 Oct 2003] DSA-393-1 openssl - denial of service
{CVE-2003-0543 CVE-2003-0544 CVE-2003-0545}
[woody] - openssl 0.9.6c-2.woody.4
-[29 Sep 2003] DSA-392 webfs - buffer overflows, file and directory exposure
+[29 Sep 2003] DSA-392-1 webfs - buffer overflows, file and directory exposure
{CVE-2003-0832 CVE-2003-0833}
[woody] - webfs 1.17.2
-[28 Sep 2003] DSA-391 freesweep - buffer overflow
+[28 Sep 2003] DSA-391-1 freesweep - buffer overflow
{CVE-2003-0828}
[woody] - freesweep 0.88-4woody1
-[26 Sep 2003] DSA-390 marbles - buffer overflow
+[26 Sep 2003] DSA-390-1 marbles - buffer overflow
{CVE-2003-0830}
[woody] - marbles 1.0.2-1woody1
-[20 Sep 2003] DSA-389 ipmasq - insecure packet filtering rules
+[20 Sep 2003] DSA-389-1 ipmasq - insecure packet filtering rules
{CVE-2003-0785}
[woody] - ipmasq 3.5.10c
-[19 Sep 2003] DSA-388 kdebase - several vulnerabilities
+[19 Sep 2003] DSA-388-1 kdebase - several vulnerabilities
{CVE-2003-0690 CVE-2003-0692}
[woody] - kdebase 4:2.2.2-14.7
-[18 Sep 2003] DSA-387 gopher - buffer overflows
+[18 Sep 2003] DSA-387-1 gopher - buffer overflows
{CVE-2003-0805}
[woody] - gopher 3.0.3woody1
-[18 Sep 2003] DSA-386 libmailtools-perl - input validation bug
+[18 Sep 2003] DSA-386-1 libmailtools-perl - input validation bug
{CVE-2002-1271}
[woody] - libmailtools-perl 1.44-1woody1
-[18 Sep 2003] DSA-385 hztty - buffer overflows
+[18 Sep 2003] DSA-385-1 hztty - buffer overflows
{CVE-2003-0783}
[woody] - hztty 2.0-5.2woody1
-[17 Sep 2003] DSA-384 sendmail - buffer overflows
+[17 Sep 2003] DSA-384-1 sendmail - buffer overflows
{CVE-2003-0681 CVE-2003-0694}
[woody] - sendmail 8.12.3-6.6
[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.5
-[17 Sep 2003] DSA-383 ssh-krb5 - possible remote vulnerability
+[17 Sep 2003] DSA-383-1 ssh-krb5 - possible remote vulnerability
{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
[woody] - openssh-krb5 3.4p1-0woody4
-[16 Sep 2003] DSA-382 ssh - possible remote vulnerability
+[16 Sep 2003] DSA-382-1 ssh - possible remote vulnerability
{CVE-2003-0693 CVE-2003-0695 CVE-2003-0682}
[woody] - openssh 1:3.4p1-1.woody.3
-[13 Sep 2003] DSA-381 mysql - buffer overflow
+[13 Sep 2003] DSA-381-1 mysql - buffer overflow
{CVE-2003-0780}
[woody] - mysql 3.23.49-8.5
-[12 Sep 2003] DSA-380 xfree86 - buffer overflows, denial of service
+[12 Sep 2003] DSA-380-1 xfree86 - buffer overflows, denial of service
{CVE-2003-0063 CVE-2003-0071 CVE-2002-0164 CVE-2003-0730}
[woody] - xfree86 4.1.0-16woody1
-[11 Sep 2003] DSA-379 sane-backends - several vulnerabilities
+[11 Sep 2003] DSA-379-1 sane-backends - several vulnerabilities
{CVE-2003-0773 CVE-2003-0774 CVE-2003-0775 CVE-2003-0776 CVE-2003-0777 CVE-2003-0778}
[woody] - sane-backends 1.0.7-4
-[07 Sep 2003] DSA-378 mah-jong - buffer overflows, denial of service
+[07 Sep 2003] DSA-378-1 mah-jong - buffer overflows, denial of service
{CVE-2003-0705 CVE-2003-0706}
[woody] - mah-jong 1.4-2
-[04 Sep 2003] DSA-377 wu-ftpd - insecure program execution
+[04 Sep 2003] DSA-377-1 wu-ftpd - insecure program execution
{CVE-1999-0997}
[woody] - wu-ftpd 2.6.2-3woody2
-[04 Sep 2003] DSA-376 exim - buffer overflow
+[04 Sep 2003] DSA-376-1 exim - buffer overflow
{CVE-2003-0743}
[woody] - exim 3.35-1woody2
[woody] - exim-tls 3.35-3woody1
-[29 Aug 2003] DSA-375 node - buffer overflow, format string
+[29 Aug 2003] DSA-375-1 node - buffer overflow, format string
{CVE-2003-0707 CVE-2003-0708}
[woody] - node 0.3.0a-2woody1
-[26 Aug 2003] DSA-374 libpam-smb - buffer overflow
+[26 Aug 2003] DSA-374-1 libpam-smb - buffer overflow
{CVE-2003-0686}
[woody] - libpam-smb 1.1.6-1.1woody1
-[16 Aug 2003] DSA-373 autorespond - buffer overflow
+[16 Aug 2003] DSA-373-1 autorespond - buffer overflow
{CVE-2003-0654}
[woody] - autorespond 2.0.2-2woody1
-[16 Aug 2003] DSA-372 netris - buffer overflow
+[16 Aug 2003] DSA-372-1 netris - buffer overflow
{CVE-2003-0685}
[woody] - netris 0.5-4woody1
-[11 Aug 2003] DSA-371 perl - cross-site scripting
+[11 Aug 2003] DSA-371-1 perl - cross-site scripting
{CVE-2003-0615}
[woody] - perl 5.6.1-8.3
-[08 Aug 2003] DSA-370 pam-pgsql - format string
+[08 Aug 2003] DSA-370-1 pam-pgsql - format string
{CVE-2003-0672}
[woody] - pam-pgsql 0.5.2-3woody1
-[08 Aug 2003] DSA-369 zblast - buffer overflow
+[08 Aug 2003] DSA-369-1 zblast - buffer overflow
{CVE-2003-0613}
[woody] - zblast 1.2pre-5woody2
-[08 Aug 2003] DSA-368 xpcd - buffer overflow
+[08 Aug 2003] DSA-368-1 xpcd - buffer overflow
{CVE-2003-0649}
[woody] - xpcd 2.08-8woody1
-[08 Aug 2003] DSA-367 xtokkaetama - buffer overflow
+[08 Aug 2003] DSA-367-1 xtokkaetama - buffer overflow
{CVE-2003-0652}
[woody] - xtokkaetama 1.0b-6woody2
-[05 Aug 2003] DSA-366 eroaster - insecure temporary file
+[05 Aug 2003] DSA-366-1 eroaster - insecure temporary file
{CVE-2003-0656}
[woody] - eroaster 2.1.0.0.3-2woody1
-[05 Aug 2003] DSA-365 phpgroupware - several vulnerabilities
+[05 Aug 2003] DSA-365-1 phpgroupware - several vulnerabilities
{CVE-2003-0504 CVE-2003-0599 CVE-2003-0657}
[woody] - phpgroupware 0.9.14-0.RC3.2.woody2
-[04 Aug 2003] DSA-364 man-db - buffer overflows, arbitrary command execution
+[04 Aug 2003] DSA-364-1 man-db - buffer overflows, arbitrary command execution
{CVE-2003-0620 CVE-2003-0645}
[woody] - man-db 2.3.20-18.woody.4
-[03 Aug 2003] DSA-363 postfix - denial of service, bounce-scanning
+[03 Aug 2003] DSA-363-1 postfix - denial of service, bounce-scanning
{CVE-2003-0468 CVE-2003-0540}
[woody] - postfix 1.1.11-0.woody3
-[02 Aug 2003] DSA-362 mindi - insecure temporary file
+[02 Aug 2003] DSA-362-1 mindi - insecure temporary file
{CVE-2003-0617}
[woody] - mindi 0.58.r5-1woody1
-[01 Aug 2003] DSA-361 kdelibs, kdelibs-crypto - several vulnerabilities
+[01 Aug 2003] DSA-361-1 kdelibs, kdelibs-crypto - several vulnerabilities
{CVE-2003-0459 CVE-2003-0370}
[woody] - kdelibs 4:2.2.2-13.woody.8
[woody] - kdelibs-crypto 4:2.2.2-6woody2
-[01 Aug 2003] DSA-360 xfstt - several vulnerabilities
+[01 Aug 2003] DSA-360-1 xfstt - several vulnerabilities
{CVE-2003-0581 CVE-2003-0625}
[woody] - xfstt 1.2.1-3
-[31 Jul 2003] DSA-359 atari800 - buffer overflows
+[31 Jul 2003] DSA-359-1 atari800 - buffer overflows
{CVE-2003-0630}
[woody] - atari800 1.2.2-1woody2
-[31 Jul 2003] DSA-358 linux-kernel-2.4.18 - several vulnerabilities
+[31 Jul 2003] DSA-358-1 linux-kernel-2.4.18 - several vulnerabilities
{CVE-2003-0461 CVE-2003-0462 CVE-2003-0476 CVE-2003-0501 CVE-2003-0550 CVE-2003-0551 CVE-2003-0552 CVE-2003-0018 CVE-2003-0619 CVE-2003-0643}
[woody] - kernel-source-2.4.18 2.4.18-13
[woody] - kernel-image-2.4.18-1-i386 2.4.18-11
[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody4
[woody] - kernel-image-2.4.18-1-alpha 2.4.18-10.
-[31 Jul 2003] DSA-357 wu-ftpd - remote root exploit
+[31 Jul 2003] DSA-357-1 wu-ftpd - remote root exploit
{CVE-2003-0466}
[woody] - wu-ftpd 2.6.2-3woody1
-[30 Jul 2003] DSA-356 xtokkaetama - buffer overflows
+[30 Jul 2003] DSA-356-1 xtokkaetama - buffer overflows
{CVE-2003-0611}
[woody] - xtokkaetama 1.0b-6woody1
-[30 Jul 2003] DSA-355 gallery - cross-site scripting
+[30 Jul 2003] DSA-355-1 gallery - cross-site scripting
{CVE-2003-0614}
[woody] - gallery 1.2.5-8woody1
-[29 Jul 2003] DSA-354 xconq - buffer overflows
+[29 Jul 2003] DSA-354-1 xconq - buffer overflows
{CVE-2003-0607}
[woody] - xconq 7.4.1-2woody2
-[29 Jul 2003] DSA-353 sup - insecure temporary file
+[29 Jul 2003] DSA-353-1 sup - insecure temporary file
{CVE-2003-0606}
[woody] - sup 1.8-8woody1
-[22 Jul 2003] DSA-352 fdclone - insecure temporary directory
+[22 Jul 2003] DSA-352-1 fdclone - insecure temporary directory
{CVE-2003-0596}
[woody] - fdclone 2.00a-1woody3
-[16 Jul 2003] DSA-351 php4 - cross-site scripting
+[16 Jul 2003] DSA-351-1 php4 - cross-site scripting
{CVE-2003-0442}
[woody] - php4 4:4.1.2-6woody3
-[15 Jul 2003] DSA-350 falconseye - buffer overflow
+[15 Jul 2003] DSA-350-1 falconseye - buffer overflow
{CVE-2003-0358}
[woody] - falconseye 1.9.3-7woody3
-[14 Jul 2003] DSA-349 nfs-utils - buffer overflow
+[14 Jul 2003] DSA-349-1 nfs-utils - buffer overflow
{CVE-2003-0252}
[woody] - nfs-utils 1:1.0-2woody1
-[11 Jul 2003] DSA-348 traceroute-nanog - integer overflow, buffer overflow
+[11 Jul 2003] DSA-348-1 traceroute-nanog - integer overflow, buffer overflow
{CVE-2003-0453}
[woody] - traceroute-nanog 6.1.1-1.3
-[08 Jul 2003] DSA-347 teapop - SQL injection
+[08 Jul 2003] DSA-347-1 teapop - SQL injection
{CVE-2003-0515}
[woody] - teapop 0.3.4-1woody2
-[08 Jul 2003] DSA-346 phpsysinfo - directory traversal
+[08 Jul 2003] DSA-346-1 phpsysinfo - directory traversal
{CVE-2003-0536}
[woody] - phpsysinfo 2.0-3woody1
-[08 Jul 2003] DSA-345 xbl - buffer overflow
+[08 Jul 2003] DSA-345-1 xbl - buffer overflow
{CVE-2003-0535}
[woody] - xbl 1.0k-3woody2
-[08 Jul 2003] DSA-344 unzip - directory traversal
+[08 Jul 2003] DSA-344-1 unzip - directory traversal
{CVE-2003-0282}
[woody] - unzip 5.50-1woody2
-[08 Jul 2003] DSA-343 skk, ddskk - insecure temporary file
+[08 Jul 2003] DSA-343-1 skk, ddskk - insecure temporary file
{CVE-2003-0539}
[woody] - skk 10.62a-4woody1
[woody] - ddskk 11.6.rel.0-2woody1
-[07 Jul 2003] DSA-342 mozart - unsafe mailcap configuration
+[07 Jul 2003] DSA-342-1 mozart - unsafe mailcap configuration
{CVE-2003-0538}
[woody] - mozart 1.2.3.20011204-3woody1
-[07 Jul 2003] DSA-341 liece - insecure temporary file
+[07 Jul 2003] DSA-341-1 liece - insecure temporary file
{CVE-2003-0537}
[woody] - liece 2.0+0.20020217cvs-2.1
-[06 Jul 2003] DSA-340 x-face-el - insecure temporary file
+[06 Jul 2003] DSA-340-1 x-face-el - insecure temporary file
[woody] - x-face-el 1.3.6.19-1woody1
-[06 Jul 2003] DSA-339 semi - insecure temporary file
+[06 Jul 2003] DSA-339-1 semi - insecure temporary file
{CVE-2003-0440}
[woody] - semi 1.14.3.cvs.2001.08.10-1woody2
[woody] - wemi 1.14.0.20010802wemiko-1.3
-[29 Jun 2003] DSA-338 proftpd - SQL injection
+[29 Jun 2003] DSA-338-1 proftpd - SQL injection
{CVE-2003-0500}
[woody] - proftpd 1.2.4+1.2.5rc1-5woody2
-[29 Jun 2003] DSA-337 gtksee - buffer overflow
+[29 Jun 2003] DSA-337-1 gtksee - buffer overflow
{CVE-2003-0444}
[woody] - gtksee 0.5.0-6
-[29 Jun 2003] DSA-336 linux-kernel-2.2.20 - several vulnerabilities
+[29 Jun 2003] DSA-336-1 linux-kernel-2.2.20 - several vulnerabilities
{CVE-2002-1380 CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0364 CVE-2003-0246 CVE-2003-0244 CVE-2003-0247 CVE-2003-0248}
[woody] - kernel-source-2.2.20 2.2.20-5woody2
[woody] - kernel-image-2.2.20-i386 2.2.20-5woody3
-[28 Jun 2003] DSA-335 mantis - incorrect permissions
+[28 Jun 2003] DSA-335-1 mantis - incorrect permissions
{CVE-2003-0499}
[woody] - mantis 0.17.1-3
-[28 Jun 2003] DSA-334 xgalaga - buffer overflows
+[28 Jun 2003] DSA-334-1 xgalaga - buffer overflows
{CVE-2003-0454}
[woody] - xgalaga 2.0.34-19woody1
-[27 Jun 2003] DSA-333 acm - integer overflow
+[27 Jun 2003] DSA-333-1 acm - integer overflow
{CVE-2002-0391}
[woody] - acm 5.0-3.woody.1
-[27 Jun 2003] DSA-332 linux-kernel-2.4.17 - several vulnerabilities
+[27 Jun 2003] DSA-332-1 linux-kernel-2.4.17 - several vulnerabilities
{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
[woody] - kernel-source-2.4.17 2.4.17-1woody1
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody2
-[27 Jun 2003] DSA-331 imagemagick - insecure temporary file
+[27 Jun 2003] DSA-331-1 imagemagick - insecure temporary file
{CVE-2003-0455}
[woody] - imagemagick 4:5.4.4.5-1woody1
-[23 Jun 2003] DSA-330 tcptraceroute - failure to drop root privileges
+[23 Jun 2003] DSA-330-1 tcptraceroute - failure to drop root privileges
{CVE-2003-0489}
[woody] - tcptraceroute 1.2-2
-[20 Jun 2003] DSA-329 osh - buffer overflows
+[20 Jun 2003] DSA-329-1 osh - buffer overflows
{CVE-2003-0452}
[woody] - osh 1.7-11woody1
-[19 Jun 2003] DSA-328 webfs - buffer overflow
+[19 Jun 2003] DSA-328-1 webfs - buffer overflow
{CVE-2003-0445}
[woody] - webfs 1.17.1
-[19 Jun 2003] DSA-327 xbl - buffer overflows
+[19 Jun 2003] DSA-327-1 xbl - buffer overflows
{CVE-2003-0451}
[woody] - xbl 1.0k-3woody1
-[19 Jun 2003] DSA-326 orville-write - buffer overflows
+[19 Jun 2003] DSA-326-1 orville-write - buffer overflows
{CVE-2003-0441}
[woody] - orville-write 2.53-4woody1
-[19 Jun 2003] DSA-325 eldav - insecure temporary file
+[19 Jun 2003] DSA-325-1 eldav - insecure temporary file
{CVE-2003-0438}
[woody] - eldav 0.0.20020411-1woody1
-[18 Jun 2003] DSA-324 ethereal - several vulnerabilities
+[18 Jun 2003] DSA-324-1 ethereal - several vulnerabilities
{CVE-2003-0428 CVE-2003-0429 CVE-2003-0431 CVE-2003-0432}
[woody] - ethereal 0.9.4-1woody5
-[16 Jun 2003] DSA-323 noweb - insecure temporary files
+[16 Jun 2003] DSA-323-1 noweb - insecure temporary files
{CVE-2003-0381}
[woody] - noweb 2.9a-7.3
-[16 Jun 2003] DSA-322 typespeed - buffer overflow
+[16 Jun 2003] DSA-322-1 typespeed - buffer overflow
{CVE-2003-0435}
[woody] - typespeed 0.4.1-2.2
-[13 Jun 2003] DSA-321 radiusd-cistron - buffer overflow
+[13 Jun 2003] DSA-321-1 radiusd-cistron - buffer overflow
{CVE-2003-0450}
[woody] - radiusd-cistron 1.6.6-1woody1
-[13 Jun 2003] DSA-320 mikmod - buffer overflow
+[13 Jun 2003] DSA-320-1 mikmod - buffer overflow
{CVE-2003-0427}
[woody] - mikmod 3.1.6-4woody3
-[12 Jun 2003] DSA-319 webmin - session ID spoofing
+[12 Jun 2003] DSA-319-1 webmin - session ID spoofing
{CVE-2003-0101}
[woody] - webmin 0.94-7woody1
-[12 Jun 2003] DSA-318 lyskom-server - denial of service
+[12 Jun 2003] DSA-318-1 lyskom-server - denial of service
{CVE-2003-0366}
[woody] - lyskom-server 2.0.6-1woody1
-[11 Jun 2003] DSA-317 cupsys - denial of service
+[11 Jun 2003] DSA-317-1 cupsys - denial of service
{CVE-2003-0195}
[woody] - cupsys 1.1.14-5
-[11 Jun 2003] DSA-316 nethack - buffer overflow, incorrect permissions
+[11 Jun 2003] DSA-316-1 nethack - buffer overflow, incorrect permissions
{CVE-2003-0358 CVE-2003-0359}
[woody] - nethack 3.4.0-3.0woody3
[woody] - slashem 0.0.6E4F8-4.0woody3
-[11 Jun 2003] DSA-315 gnocatan - buffer overflows, denial of service
+[11 Jun 2003] DSA-315-1 gnocatan - buffer overflows, denial of service
{CVE-2003-0433}
[woody] - gnocatan 0.6.1-5woody2
-[11 Jun 2003] DSA-314 atftp - buffer overflow
+[11 Jun 2003] DSA-314-1 atftp - buffer overflow
{CVE-2003-0380}
[woody] - atftp 0.6.1.1.0woody1
-[11 Jun 2003] DSA-313 ethereal - buffer overflows, integer overflows
+[11 Jun 2003] DSA-313-1 ethereal - buffer overflows, integer overflows
{CVE-2003-0356 CVE-2003-0357}
[woody] - ethereal 0.9.4-1woody4
-[09 Jun 2003] DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
+[09 Jun 2003] DSA-312-1 kernel-patch-2.4.18-powerpc - several vulnerabilities
{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248}
[woody] - kernel-patch-2.4.18-powerpc 2.4.18-1woody1
-[08 Jun 2003] DSA-311 linux-kernel-2.4.18 - several vulnerabilities
+[08 Jun 2003] DSA-311-1 linux-kernel-2.4.18 - several vulnerabilities
{CVE-2002-0429 CVE-2003-0001 CVE-2003-0127 CVE-2003-0244 CVE-2003-0246 CVE-2003-0247 CVE-2003-0248 CVE-2003-0364}
[woody] - kernel-source-2.4.18 2.4.18-9
[woody] - kernel-image-2.4.18-1-i386 2.4.18-8
[woody] - kernel-image-2.4.18-i386bf 2.4.18-5woody1.
-[08 Jun 2003] DSA-310 xaos - improper setuid-root execution
+[08 Jun 2003] DSA-310-1 xaos - improper setuid-root execution
{CVE-2003-0385}
[woody] - xaos 3.0-23woody1
-[06 Jun 2003] DSA-309 eterm - buffer overflow
+[06 Jun 2003] DSA-309-1 eterm - buffer overflow
{CVE-2003-0382}
[woody] - eterm 0.9.2-0pre2002042903.1
-[06 Jun 2003] DSA-308 gzip - insecure temporary files
+[06 Jun 2003] DSA-308-1 gzip - insecure temporary files
{CVE-1999-1332 CVE-2003-0367}
[woody] - gzip 1.3.2-3woody1
-[27 May 2003] DSA-307 gps - multiple vulnerabilities
+[27 May 2003] DSA-307-1 gps - multiple vulnerabilities
{CVE-2003-0361 CVE-2003-0360 CVE-2003-0362}
[woody] - gps 0.9.4-1woody1
-[19 May 2003] DSA-306 ircii-pana - buffer overflows, integer overflow
+[19 May 2003] DSA-306-1 ircii-pana - buffer overflows, integer overflow
{CVE-2003-0321 CVE-2003-0322 CVE-2003-0328}
[woody] - ircii-pana 1.0-0c19-1.1
-[15 May 2003] DSA-305 sendmail - insecure temporary files
+[15 May 2003] DSA-305-1 sendmail - insecure temporary files
{CVE-2003-0308}
[woody] - sendmail 8.12.3-6.4
-[15 May 2003] DSA-304 lv - privilege escalation
+[15 May 2003] DSA-304-1 lv - privilege escalation
{CVE-2003-0188}
[woody] - lv 4.49.4-7woody2
-[15 May 2003] DSA-303 mysql - privilege escalation
+[15 May 2003] DSA-303-1 mysql - privilege escalation
{CVE-2003-0073}
[woody] - mysql 3.23.49-8.4
-[07 May 2003] DSA-302 fuzz - privilege escalation
+[07 May 2003] DSA-302-1 fuzz - privilege escalation
{CVE-2003-0261}
[woody] - fuzz 0.6-6woody1
-[07 May 2003] DSA-301 libgtop - buffer overflow
+[07 May 2003] DSA-301-1 libgtop - buffer overflow
{CVE-2001-0928}
[woody] - libgtop 1.0.13-3.1
-[06 May 2003] DSA-300 balsa - buffer overflow
+[06 May 2003] DSA-300-1 balsa - buffer overflow
{CVE-2003-0167}
[woody] - balsa 1.2.4-2.2
-[06 May 2003] DSA-299 leksbot - improper setuid-root execution
+[06 May 2003] DSA-299-1 leksbot - improper setuid-root execution
{CVE-2003-0262}
[woody] - leksbot 1.2-3.1
-[02 May 2003] DSA-298 epic4 - buffer overflows
+[02 May 2003] DSA-298-1 epic4 - buffer overflows
{CVE-2003-0323}
[woody] - epic4 1.1.2.20020219-2.1
-[01 May 2003] DSA-297 snort - integer overflow, buffer overflow
+[01 May 2003] DSA-297-1 snort - integer overflow, buffer overflow
{CVE-2003-0033 CVE-2003-0209}
[woody] - snort 1.8.4beta1-3.1
-[30 Apr 2003] DSA-296 kdebase - insecure execution
+[30 Apr 2003] DSA-296-1 kdebase - insecure execution
{CVE-2003-0204}
[woody] - kdebase 2.2.2-14.4
-[30 Apr 2003] DSA-295 pptpd - buffer overflow
+[30 Apr 2003] DSA-295-1 pptpd - buffer overflow
{CVE-2003-0213}
[woody] - pptpd 1.1.2-1.4
-[23 Apr 2003] DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
+[23 Apr 2003] DSA-294-1 gkrellm-newsticker - missing quoting, incomplete parser
{CVE-2003-0205 CVE-2003-0206}
[woody] - gkrellm-newsticker 0.3-3.1
-[23 Apr 2003] DSA-293 kdelibs - insecure execution
+[23 Apr 2003] DSA-293-1 kdelibs - insecure execution
{CVE-2003-0204}
[woody] - kdebase 4:2.2.2-13.woody.7
-[22 Apr 2003] DSA-292 mime-support - insecure temporary file creation
+[22 Apr 2003] DSA-292-1 mime-support - insecure temporary file creation
{CVE-2003-0214}
[woody] - mime-support 3.18-1.3
-[22 Apr 2003] DSA-291 ircii - buffer overflows
+[22 Apr 2003] DSA-291-1 ircii - buffer overflows
{CVE-2003-0323}
[woody] - ircii 20020322-1.1
-[17 Apr 2003] DSA-290 sendmail-wide - char-to-int conversion
+[17 Apr 2003] DSA-290-1 sendmail-wide - char-to-int conversion
{CVE-2003-0161}
[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.4
-[17 Apr 2003] DSA-289 rinetd - incorrect memory resizing
+[17 Apr 2003] DSA-289-1 rinetd - incorrect memory resizing
{CVE-2003-0212}
[woody] - rinetd 0.61-1.1
-[17 Apr 2003] DSA-288 openssl - several vulnerabilities
+[17 Apr 2003] DSA-288-1 openssl - several vulnerabilities
{CVE-2003-0147 CVE-2003-0131}
[woody] - openssl 0.9.6c-2.woody.3
-[15 Apr 2003] DSA-287 epic - buffer overflows
+[15 Apr 2003] DSA-287-1 epic - buffer overflows
{CVE-2003-0324}
[woody] - epic 3.004-17.1
-[14 Apr 2003] DSA-286 gs-common - insecure temporary file
+[14 Apr 2003] DSA-286-1 gs-common - insecure temporary file
{CVE-2003-0207}
[woody] - gs-common 0.3.3.0woody1
-[14 Apr 2003] DSA-285 lprng - insecure temporary file
+[14 Apr 2003] DSA-285-1 lprng - insecure temporary file
{CVE-2003-0136}
[woody] - lprng 3.8.10-1.2
-[12 Apr 2003] DSA-284 kdegraphics - insecure execution
+[12 Apr 2003] DSA-284-1 kdegraphics - insecure execution
{CVE-2003-0204}
[woody] - kdegraphics 3.8.10-1.2
-[11 Apr 2003] DSA-283 xfsdump - insecure file creation
+[11 Apr 2003] DSA-283-1 xfsdump - insecure file creation
{CVE-2003-0173}
[woody] - xfsdump 2.0.1-2
-[09 Apr 2003] DSA-282 glibc - integer overflow
+[09 Apr 2003] DSA-282-1 glibc - integer overflow
{CVE-2003-0028}
[woody] - glibc 2.2.5-11.5
-[08 Apr 2003] DSA-281 moxftp - buffer overflow
+[08 Apr 2003] DSA-281-1 moxftp - buffer overflow
{CVE-2003-0203}
[woody] - moxftp 2.2-18.1
-[07 Apr 2003] DSA-280 samba - buffer overflow
+[07 Apr 2003] DSA-280-1 samba - buffer overflow
{CVE-2003-0201 CVE-2003-0196}
[woody] - samba 2.2.3a-12.3
-[07 Apr 2003] DSA-279 metrics - insecure temporary file creation
+[07 Apr 2003] DSA-279-1 metrics - insecure temporary file creation
{CVE-2003-0202}
NOTE: Potato-only vulnerability, package was removed from woody.
-[04 Apr 2003] DSA-278 sendmail - char-to-int conversion
+[04 Apr 2003] DSA-278-1 sendmail - char-to-int conversion
{CVE-2003-0161}
[woody] - sendmail 8.12.3-6.3
-[03 Apr 2003] DSA-277 apcupsd - buffer overflows, format string
+[03 Apr 2003] DSA-277-1 apcupsd - buffer overflows, format string
{CVE-2003-0098 CVE-2003-0099}
[woody] - apcupsd 3.8.5-1.1.1
-[03 Apr 2003] DSA-276 linux-kernel-s390 - local privilege escalation
+[03 Apr 2003] DSA-276-1 linux-kernel-s390 - local privilege escalation
{CVE-2003-0127}
[woody] - kernel-patch-2.4.17-s390 0.0.20020816-0.woody.1.1
[woody] - kernel-image-2.4.17-s390 2.4.17-2.woody.2.2
-[02 Apr 2003] DSA-275 lpr-ppd - buffer overflow
+[02 Apr 2003] DSA-275-1 lpr-ppd - buffer overflow
{CVE-2003-0144}
[woody] - lpr-ppd 0.72-2.1
-[28 Mar 2003] DSA-274 mutt - buffer overflow
+[28 Mar 2003] DSA-274-1 mutt - buffer overflow
{CVE-2003-0167}
[woody] - mutt 1.3.28-2.2
-[28 Mar 2003] DSA-273 krb4 - Cryptographic weakness
+[28 Mar 2003] DSA-273-1 krb4 - Cryptographic weakness
{CVE-2003-0138 CVE-2003-0139}
[woody] - krb4 1.1-8-2.3
-[28 Mar 2003] DSA-272 dietlibc - integer overflow
+[28 Mar 2003] DSA-272-1 dietlibc - integer overflow
{CVE-2003-0028}
[woody] - dietlibc 0.12-2.5
-[27 Mar 2003] DSA-271 ecartis - unauthorized password change
+[27 Mar 2003] DSA-271-1 ecartis - unauthorized password change
{CVE-2003-0162}
[woody] - ecartis 0.129a+1.0.0-snap20020514-1.1
-[27 Mar 2003] DSA-270 linux-kernel-mips - local privilege escalation
+[27 Mar 2003] DSA-270-1 linux-kernel-mips - local privilege escalation
{CVE-2003-0127}
[woody] - kernel-patch-2.4.17-mips 2.4.17-0.020226.2.woody1
[woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody1
-[26 Mar 2003] DSA-269 heimdal - Cryptographic weakness
+[26 Mar 2003] DSA-269-1 heimdal - Cryptographic weakness
{CVE-2003-0138}
[woody] - heimdal 0.4e-7.woody.8
-[25 Mar 2003] DSA-268 mutt - buffer overflow
+[25 Mar 2003] DSA-268-1 mutt - buffer overflow
{CVE-2003-0140}
[woody] - mutt 1.3.28-2.1
-[24 Mar 2003] DSA-267 lpr - buffer overflow
+[24 Mar 2003] DSA-267-1 lpr - buffer overflow
{CVE-2003-0144}
[woody] - lpr 2000.05.07-4.3
-[24 Mar 2003] DSA-266 krb5 - several vulnerabilities
+[24 Mar 2003] DSA-266-1 krb5 - several vulnerabilities
{CVE-2003-0028 CVE-2003-0072 CVE-2003-0082 CVE-2003-0138 CVE-2003-0139}
[woody] - krb5 1.2.4-5woody4
-[21 Mar 2003] DSA-265 bonsai - several vulnerabilities
+[21 Mar 2003] DSA-265-1 bonsai - several vulnerabilities
{CVE-2003-0152 CVE-2003-0153 CVE-2003-0154 CVE-2003-0155}
[woody] - bonsai 1.3+cvs20020224-1woody1
-[19 Mar 2003] DSA-264 lxr - missing filename sanitizing
+[19 Mar 2003] DSA-264-1 lxr - missing filename sanitizing
{CVE-2003-0156}
[woody] - lxr 0.3-3
-[17 Mar 2003] DSA-263 netpbm-free - math overflow errors
+[17 Mar 2003] DSA-263-1 netpbm-free - math overflow errors
{CVE-2003-0146}
[woody] - netpbm-free 2:9.20-8.2
-[15 Mar 2003] DSA-262 samba - remote exploit
+[15 Mar 2003] DSA-262-1 samba - remote exploit
{CVE-2003-0085 CVE-2003-0086}
[woody] - samba 2.2.3a-12.1
-[14 Mar 2003] DSA-261 tcpdump - infinite loop
+[14 Mar 2003] DSA-261-1 tcpdump - infinite loop
{CVE-2003-0093 CVE-2003-0145}
[woody] - tcpdump 3.6.2-2.4
-[13 Mar 2003] DSA-260 file - buffer overflow
+[13 Mar 2003] DSA-260-1 file - buffer overflow
{CVE-2003-0102}
[woody] - file 3.37-3.1.woody.1
-[12 Mar 2003] DSA-259 qpopper - mail user privilege escalation
+[12 Mar 2003] DSA-259-1 qpopper - mail user privilege escalation
{CVE-2003-0143}
[woody] - qpopper 4.0.4-2.woody.3
-[10 Mar 2003] DSA-258 ethereal - format string vulnerability
+[10 Mar 2003] DSA-258-1 ethereal - format string vulnerability
{CVE-2003-0081}
[woody] - ethereal 0.9.4-1woody3
-[04 Mar 2003] DSA-257 sendmail - remote exploit
+[04 Mar 2003] DSA-257-1 sendmail - remote exploit
{CVE-2002-1337}
[woody] - sendmail 8.12.3-5
[woody] - sendmail-wide 8.12.3+3.5Wbeta-5.2
-[28 Feb 2003] DSA-256 mhc - insecure temporary file
+[28 Feb 2003] DSA-256-1 mhc - insecure temporary file
{CVE-2003-0120}
[woody] - mhc 0.25+20010625-7.1
-[27 Feb 2003] DSA-255 tcpdump - infinite loop
+[27 Feb 2003] DSA-255-1 tcpdump - infinite loop
{CVE-2003-0108 CVE-2002-0380}
[woody] - tcpdump 3.6.2-2.3
-[27 Feb 2003] DSA-254 traceroute-nanog - buffer overflow
+[27 Feb 2003] DSA-254-1 traceroute-nanog - buffer overflow
{CVE-2002-1051 CVE-2002-1364 CVE-2002-1386 CVE-2002-1387}
[woody] - traceroute-nanog 6.1.1-1.2
-[24 Feb 2003] DSA-253 openssl - information leak
+[24 Feb 2003] DSA-253-1 openssl - information leak
{CVE-2003-0078}
[woody] - openssl 0.9.6c-2.woody.2
-[21 Feb 2003] DSA-252 slocate - buffer overflow
+[21 Feb 2003] DSA-252-1 slocate - buffer overflow
{CVE-2003-0056}
[woody] - slocate 2.6-1.3.1
-[14 Feb 2003] DSA-251 w3m - missing HTML quoting
+[14 Feb 2003] DSA-251-1 w3m - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
[woody] - w3m 0.3-2.4
-[12 Feb 2003] DSA-250 w3mmee-ssl - missing HTML quoting
+[12 Feb 2003] DSA-250-1 w3mmee-ssl - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
NOTE: not in sid/sarge
-[11 Feb 2003] DSA-249 w3mmee - missing HTML quoting
+[11 Feb 2003] DSA-249-1 w3mmee - missing HTML quoting
{CVE-2002-1335 CVE-2002-1348}
[woody] - w3mmee 0.3-2.4
-[31 Jan 2003] DSA-248 hypermail - buffer overflows
+[31 Jan 2003] DSA-248-1 hypermail - buffer overflows
{CVE-2003-0057}
[woody] - hypermail 2.1.3-2.0
-[30 Jan 2003] DSA-247 courier-ssl - missing input sanitizing
+[30 Jan 2003] DSA-247-1 courier-ssl - missing input sanitizing
{CVE-2003-0040}
[woody] - courier 0.37.3-3.3
-[29 Jan 2003] DSA-246 tomcat - information exposure, cross site scripting
+[29 Jan 2003] DSA-246-1 tomcat - information exposure, cross site scripting
{CVE-2003-0042 CVE-2003-0043 CVE-2003-0044}
[woody] - tomcat 3.3a-4woody.1
-[28 Jan 2003] DSA-245 dhcp3 - ignored counter boundary
+[28 Jan 2003] DSA-245-1 dhcp3 - ignored counter boundary
{CVE-2003-0039}
[woody] - dhcp3 3.0+3.0.1rc9-2.2
-[27 Jan 2003] DSA-244 noffle - buffer overflows
+[27 Jan 2003] DSA-244-1 noffle - buffer overflows
{CVE-2003-0037}
[woody] - noffle 1.0.1-1.1
-[24 Jan 2003] DSA-243 kdemultimedia - several vulnerabilities
+[24 Jan 2003] DSA-243-1 kdemultimedia - several vulnerabilities
{CVE-2002-1393}
[woody] - kdemultimedia 2.2.2-8.2
-[24 Jan 2003] DSA-242 kdebase - several vulnerabilities
+[24 Jan 2003] DSA-242-1 kdebase - several vulnerabilities
{CVE-2002-1393}
[woody] - kdebase 2.2.2-14.2
-[24 Jan 2003] DSA-241 kdeutils - several vulnerabilities
+[24 Jan 2003] DSA-241-1 kdeutils - several vulnerabilities
{CVE-2002-1393}
[woody] - kdeutils 2.2.2-9.2
-[23 Jan 2003] DSA-240 kdegames - several vulnerabilities
+[23 Jan 2003] DSA-240-1 kdegames - several vulnerabilities
{CVE-2002-1393}
[woody] - kdegames 2.2.2-2.2
-[23 Jan 2003] DSA-239 kdesdk - several vulnerabilities
+[23 Jan 2003] DSA-239-1 kdesdk - several vulnerabilities
{CVE-2002-1393}
[woody] - kdesdk 2.2.2-3.2
-[23 Jan 2003] DSA-238 kdepim - several vulnerabilities
+[23 Jan 2003] DSA-238-1 kdepim - several vulnerabilities
{CVE-2002-1393}
[woody] - kdepim 2.2.2-5.2
-[22 Jan 2003] DSA-237 kdenetwork - several vulnerabilities
+[22 Jan 2003] DSA-237-1 kdenetwork - several vulnerabilities
{CVE-2002-1393}
[woody] - kdenetwork 2.2.2-14.6
-[22 Jan 2003] DSA-236 kdelibs - several vulnerabilities
+[22 Jan 2003] DSA-236-1 kdelibs - several vulnerabilities
{CVE-2002-1393}
[woody] - kdelibs 2.2.2-13.woody.6
-[22 Jan 2003] DSA-235 kdegraphics - several vulnerabilities
+[22 Jan 2003] DSA-235-1 kdegraphics - several vulnerabilities
{CVE-2002-1393}
[woody] - kdegraphics 2.2.2-6.10
-[22 Jan 2003] DSA-234 kdeadmin - several vulnerabilities
+[22 Jan 2003] DSA-234-1 kdeadmin - several vulnerabilities
{CVE-2002-1393}
[woody] - kdeadmin 2.2.2-7.2
-[21 Jan 2003] DSA-233 cvs - doubly freed memory
+[21 Jan 2003] DSA-233-1 cvs - doubly freed memory
{CVE-2003-0015}
[woody] - cvs 1.11.1p1debian-8.1
-[20 Jan 2003] DSA-232 cupsys - several vulnerabilities
+[20 Jan 2003] DSA-232-1 cupsys - several vulnerabilities
{CVE-2002-1366 CVE-2002-1367 CVE-2002-1368 CVE-2002-1369 CVE-2002-1371 CVE-2002-1372 CVE-2002-1383 CVE-2002-1384}
[woody] - cupsys 1.1.14-4.3
-[17 Jan 2003] DSA-231 dhcp3 - stack overflows
+[17 Jan 2003] DSA-231-1 dhcp3 - stack overflows
{CVE-2003-0026}
[woody] - dhcp3 3.0+3.0.1rc9-2.1
-[16 Jan 2003] DSA-230 bugzilla - insecure permissions, spurious backup files
+[16 Jan 2003] DSA-230-1 bugzilla - insecure permissions, spurious backup files
{CVE-2003-0012 CVE-2003-0013}
[woody] - bugzilla 2.14.2-0woody4
-[15 Jan 2003] DSA-229 imp - SQL injection
+[15 Jan 2003] DSA-229-2 imp - SQL injection and typo
+ {CVE-2003-0025}
+ [woody] - imp 2.2.6-5.2
+[15 Jan 2003] DSA-229-1 imp - SQL injection
{CVE-2003-0025}
[woody] - imp 2.2.6-5.1
-[14 Jan 2003] DSA-228 libmcrypt - buffer overflows and memory leak
+[14 Jan 2003] DSA-228-1 libmcrypt - buffer overflows and memory leak
{CVE-2003-0031 CVE-2003-0032}
[woody] - libmcrypt 2.5.0-1woody1
-[13 Jan 2003] DSA-227 openldap2 - buffer overflows and other bugs
+[13 Jan 2003] DSA-227-1 openldap2 - buffer overflows and other bugs
{CVE-2002-1378 CVE-2002-1379 CVE-2002-1508}
[woody] - openldap2 2.0.23-6.3
-[10 Jan 2003] DSA-226 xpdf-i - integer overflow
+[10 Jan 2003] DSA-226-1 xpdf-i - integer overflow
{CVE-2002-1384}
[woody] - xpdf <not-affected> (xpdf-i is only a dummy package)
-[09 Jan 2003] DSA-225 tomcat4 - source disclosure
+[09 Jan 2003] DSA-225-1 tomcat4 - source disclosure
{CVE-2002-1394}
[woody] - tomcat4 4.0.3-3woody2
-[08 Jan 2003] DSA-224 canna - buffer overflow and more
+[08 Jan 2003] DSA-224-1 canna - buffer overflow and more
{CVE-2002-1158 CVE-2002-1159}
[woody] - canna 3.5b2-46.2
-[07 Jan 2003] DSA-223 geneweb - information exposure
+[07 Jan 2003] DSA-223-1 geneweb - information exposure
{CVE-2002-1390}
[woody] - geneweb 4.06-2
-[06 Jan 2003] DSA-222 xpdf - integer overflow
+[06 Jan 2003] DSA-222-1 xpdf - integer overflow
{CVE-2002-1384}
[woody] - xpdf 1.00-3.1
-[03 Jan 2003] DSA-221 mhonarc - cross site scripting
+[03 Jan 2003] DSA-221-1 mhonarc - cross site scripting
{CVE-2002-1388}
[woody] - mhonarc 2.5.2-1.3
-[02 Jan 2003] DSA-220 squirrelmail - cross site scripting
+[02 Jan 2003] DSA-220-1 squirrelmail - cross site scripting
{CVE-2002-1341}
[woody] - squirrelmail 1.2.6-1.3
-[31 Dec 2002] DSA-219 dhcpcd - remote command execution
+[31 Dec 2002] DSA-219-1 dhcpcd - remote command execution
{CVE-2002-1403}
NOTE: Woody doesn't have dhcpd
-[30 Dec 2002] DSA-218 bugzilla - cross site scripting
+[30 Dec 2002] DSA-218-1 bugzilla - cross site scripting
{CVE-2002-2260}
[woody] - bugzilla 2.14.2-0woody3
-[27 Dec 2002] DSA-217 typespeed - buffer overflow
+[27 Dec 2002] DSA-217-1 typespeed - buffer overflow
{CVE-2002-1389}
[woody] - typespeed 0.4.1-2.1
-[24 Dec 2002] DSA-216 fetchmail - buffer overflow
+[24 Dec 2002] DSA-216-1 fetchmail - buffer overflow
{CVE-2002-1365}
[woody] - fetchmail 5.9.11-6.2
-[23 Dec 2002] DSA-215 cyrus-imapd - buffer overflow
+[23 Dec 2002] DSA-215-1 cyrus-imapd - buffer overflow
{CVE-2002-1580}
[woody] - cyrus-imapd 1.5.19-9.1
-[20 Dec 2002] DSA-214 kdenetwork - buffer overflows
+[20 Dec 2002] DSA-214-1 kdenetwork - buffer overflows
{CVE-2002-1306}
[woody] - kdenetwork 2.2.2-14.5
-[19 Dec 2002] DSA-213 libpng - buffer overflow
+[19 Dec 2002] DSA-213-1 libpng - buffer overflow
{CVE-2002-1363}
[woody] - libpng 1.0.12-3.woody.3
[woody] - libpng3 1.2.1-1.1.woody.3
-[17 Dec 2002] DSA-212 mysql - multiple problems
+[17 Dec 2002] DSA-212-1 mysql - multiple problems
{CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376}
[woody] - mysql 3.23.49-8.2
-[13 Dec 2002] DSA-211 micq - denial of service
+[13 Dec 2002] DSA-211-1 micq - denial of service
{CVE-2002-1362}
[woody] - micq 0.4.9-0woody3
-[13 Dec 2002] DSA-210 lynx - CRLF injection
+[13 Dec 2002] DSA-210-1 lynx - CRLF injection
{CVE-2002-1405}
[woody] - lynx 2.8.3-1.1
[woody] - lynx-ssl 2.8.3.1-1.1
-[12 Dec 2002] DSA-209 wget - directory traversal
+[12 Dec 2002] DSA-209-1 wget - directory traversal
{CVE-2002-1344}
[woody] - wget 1.8.1-6.1
-[12 Dec 2002] DSA-208 perl - broken safe compartment
+[12 Dec 2002] DSA-208-1 perl - broken safe compartment
{CVE-2002-1323}
[woody] - perl 5.6.1-8.2
-[11 Dec 2002] DSA-207 tetex-bin - arbitrary command execution
+[11 Dec 2002] DSA-207-1 tetex-bin - arbitrary command execution
{CVE-2002-0836}
[woody] - tetex-bin 1.0.7+20011202-7.1
-[10 Dec 2002] DSA-206 tcpdump - denial of service
+[10 Dec 2002] DSA-206-1 tcpdump - denial of service
{CVE-2002-1350}
[woody] - tcpdump 3.6.2-2.2
-[10 Dec 2002] DSA-205 gtetrinet - buffer overflow
+[10 Dec 2002] DSA-205-1 gtetrinet - buffer overflow
[woody] - gtetrinet 0.4.1-9woody1.1
-[05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
+[05 Dec 2002] DSA-204-1 kdelibs - arbitrary program execution
{CVE-2002-1281 CVE-2002-1282}
[woody] - kdelibs 2.2.2-13.woody.5
-[04 Dec 2002] DSA-203 smb2www - arbitrary command execution
+[04 Dec 2002] DSA-203-1 smb2www - arbitrary command execution
{CVE-2002-1342}
[woody] - smb2www 980804-16.1
-[03 Dec 2002] DSA-202 im - insecure temporary files
+[03 Dec 2002] DSA-202-1 im - insecure temporary files
{CVE-2002-1395}
[woody] - im 141-18.1
-[02 Dec 2002] DSA-201 freeswan - denial of service
+[02 Dec 2002] DSA-201-1 freeswan - denial of service
{CVE-2002-0666}
[woody] - freeswan 1.96-1.4
-[22 Nov 2002] DSA-200 samba - remote exploit
+[22 Nov 2002] DSA-200-1 samba - remote exploit
{CVE-2002-1318}
[woody] - samba 2.2.3a-12
-[19 Nov 2002] DSA-199 mhonarc - cross site scripting
+[19 Nov 2002] DSA-199-1 mhonarc - cross site scripting
{CVE-2002-1307}
[woody] - mhonarc 2.5.2-1.2
-[18 Nov 2002] DSA-198 nullmailer - denial of service
+[18 Nov 2002] DSA-198-1 nullmailer - denial of service
{CVE-2002-1313}
[woody] - nullmailer 1.00RC5-16.1woody2
-[15 Nov 2002] DSA-197 courier - buffer overflow
+[15 Nov 2002] DSA-197-1 courier - buffer overflow
{CVE-2002-1311}
[woody] - courier 0.37.3-2.3
-[14 Nov 2002] DSA-196 bind - several vulnerabilities
+[14 Nov 2002] DSA-196-1 bind - several vulnerabilities
{CVE-2002-0029 CVE-2002-1219 CVE-2002-1220 CVE-2002-1221}
[woody] - bind 8.3.3-2.0woody1
-[13 Nov 2002] DSA-195 apache-perl - several vulnerabilities
+[13 Nov 2002] DSA-195-1 apache-perl - several vulnerabilities
{CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
[woody] - apache-perl 1.3.26-1-1.26-0woody2
-[12 Nov 2002] DSA-194 masqmail - buffer overflows
+[12 Nov 2002] DSA-194-1 masqmail - buffer overflows
{CVE-2002-1279}
[woody] - masqmail 0.1.16-2.1
-[11 Nov 2002] DSA-193 kdenetwork - buffer overflow
+[11 Nov 2002] DSA-193-1 kdenetwork - buffer overflow
{CVE-2002-1247}
[woody] - kdenetwork 4:2.2.2-14.2
-[08 Nov 2002] DSA-192 html2ps - arbitrary code execution
+[08 Nov 2002] DSA-192-1 html2ps - arbitrary code execution
{CVE-2002-1275}
[woody] - html2ps 1.0b3-1.1
-[07 Nov 2002] DSA-191 squirrelmail - cross site scripting
+[07 Nov 2002] DSA-191-1 squirrelmail - cross site scripting
{CVE-2002-1131 CVE-2002-1132 CVE-2002-1276}
[woody] - squirrelmail 1.2.6-1.1
-[07 Nov 2002] DSA-190 wmaker - buffer overflow
+[07 Nov 2002] DSA-190-1 wmaker - buffer overflow
{CVE-2002-1277}
[woody] - wmaker 0.80.0-4.1
-[06 Nov 2002] DSA-189 luxman - local root exploit
+[06 Nov 2002] DSA-189-1 luxman - local root exploit
{CVE-2002-1245}
[woody] - luxman 0.41-17.1
-[05 Nov 2002] DSA-188 apache-ssl - several vulnerabilities
+[05 Nov 2002] DSA-188-1 apache-ssl - several vulnerabilities
{CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
[woody] - apache-ssl 1.3.26.1+1.48-0woody3
-[04 Nov 2002] DSA-187 apache - several vulnerabilities
+[04 Nov 2002] DSA-187-1 apache - several vulnerabilities
{CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CVE-2001-0131 CVE-2002-1233}
[woody] - apache 1.3.26-0woody
-[01 Nov 2002] DSA-186 log2mail - buffer overflow
+[01 Nov 2002] DSA-186-1 log2mail - buffer overflow
{CVE-2002-1251}
[woody] - log2mail 0.2.5.1
-[31 Oct 2002] DSA-185 heimdal - buffer overflow
+[31 Oct 2002] DSA-185-1 heimdal - buffer overflow
{CVE-2002-1235}
[woody] - heimdal 0.4e-7.woody.5
-[30 Oct 2002] DSA-184 krb4 - buffer overflow
+[30 Oct 2002] DSA-184-1 krb4 - buffer overflow
{CVE-2002-1235}
[woody] - krb4 1.1-8-2.2
-[29 Oct 2002] DSA-183 krb5 - buffer overflow
+[29 Oct 2002] DSA-183-1 krb5 - buffer overflow
{CVE-2002-1235}
[woody] - krb5 1.2.4-5woody3
-[28 Oct 2002] DSA-182 kdegraphics - buffer overflow
+[28 Oct 2002] DSA-182-1 kdegraphics - buffer overflow
{CVE-2002-0838}
[woody] - kdegraphics 2.2.2-6.8
-[22 Oct 2002] DSA-181 libapache-mod-ssl - cross site scripting
+[22 Oct 2002] DSA-181-1 libapache-mod-ssl - cross site scripting
{CVE-2002-1157}
[woody] - libapache-mod-ssl 2.8.9-2.1
-[21 Oct 2002] DSA-180 nis - information leak
+[21 Oct 2002] DSA-180-1 nis - information leak
{CVE-2002-1232}
[woody] - nis 3.9-6.1
-[18 Oct 2002] DSA-179 gnome-gv - buffer overflow
+[18 Oct 2002] DSA-179-1 gnome-gv - buffer overflow
{CVE-2002-0838}
[woody] - gnome-gv 1.1.96-3.1
-[17 Oct 2002] DSA-178 heimdal - remote command execution
+[17 Oct 2002] DSA-178-1 heimdal - remote command execution
{CVE-2002-1225 CVE-2002-1226}
[woody] - heimdal 0.4e-7.woody.4
-[17 Oct 2002] DSA-177 pam - serious security violation
+[17 Oct 2002] DSA-177-1 pam - serious security violation
{CVE-2002-1227}
[woody] - pam <not-affected>
[sarge] - pam <not-affected>
-[16 Oct 2002] DSA-176 gv - buffer overflow
+[16 Oct 2002] DSA-176-1 gv - buffer overflow
{CVE-2002-0838}
[woody] - gv 3.5.8-26.1
-[15 Oct 2002] DSA-175 syslog-ng - buffer overflow
+[15 Oct 2002] DSA-175-1 syslog-ng - buffer overflow
{CVE-2002-1200}
[woody] - syslog-ng 1.5.15-1.1
-[14 Oct 2002] DSA-174 heartbeat - buffer overflow
+[14 Oct 2002] DSA-174-1 heartbeat - buffer overflow
{CVE-2002-1215}
[woody] - heartbeat 0.4.9.0l-7.2
-[09 Oct 2002] DSA-173 bugzilla - privilege escalation
+[09 Oct 2002] DSA-173-1 bugzilla - privilege escalation
{CVE-2002-1196}
[woody] - bugzilla 2.14.2-0woody2
-[08 Oct 2002] DSA-172 tkmail - insecure temporary files
+[08 Oct 2002] DSA-172-1 tkmail - insecure temporary files
{CVE-2002-1193}
[woody] - tkmail 4.0beta9-8.1
-[07 Oct 2002] DSA-171 fetchmail - buffer overflows
+[07 Oct 2002] DSA-171-1 fetchmail - buffer overflows
{CVE-2002-1175 CVE-2002-1174}
[woody] - fetchmail-ssl 5.9.11-6.1
[woody] - fetchmail 5.9.11-6.1
-[04 Oct 2002] DSA-170 tomcat4 - source code disclosure
+[04 Oct 2002] DSA-170-1 tomcat4 - source code disclosure
{CVE-2002-1148}
[woody] - tomcat4 4.0.3-3woody1
-[25 Sep 2002] DSA-169 htcheck - cross site scripting
+[25 Sep 2002] DSA-169-1 htcheck - cross site scripting
{CVE-2002-1195}
[woody] - htcheck 1.1-1.1
-[18 Sep 2002] DSA-168 php - bypassing safe_mode, CRLF injection
+[18 Sep 2002] DSA-168-1 php - bypassing safe_mode, CRLF injection
{CVE-2002-0985 CVE-2002-0986}
[woody] - php3 3.0.18-23.1woody1
[woody] - php4 4.1.2-5
-[16 Sep 2002] DSA-167 kdelibs - cross site scripting
+[16 Sep 2002] DSA-167-1 kdelibs - cross site scripting
{CVE-2002-1151}
[woody] - kdelibs 4:2.2.2-13.woody.3
-[13 Sep 2002] DSA-166 purity - buffer overflows
+[13 Sep 2002] DSA-166-1 purity - buffer overflows
{CVE-2002-1124}
[woody] - purity 1-14.2
-[12 Sep 2002] DSA-165 postgresql - buffer overflows
+[12 Sep 2002] DSA-165-1 postgresql - buffer overflows
{CVE-2002-0972 CVE-2002-1398 CVE-2002-1400 CVE-2002-1401 CVE-2002-1402}
[woody] - postgresql 7.2.1-2woody2
-[10 Sep 2002] DSA-164 cacti - arbitrary code execution
+[10 Sep 2002] DSA-164-1 cacti - arbitrary code execution
{CVE-2002-1477 CVE-2002-1478}
[woody] - cacti 0.6.7-2.1
-[09 Sep 2002] DSA-163 mhonarc - cross site scripting
+[09 Sep 2002] DSA-163-1 mhonarc - cross site scripting
{CVE-2002-0738}
[woody] - mhonarc 2.5.2-1.1
-[06 Sep 2002] DSA-162 ethereal - buffer overflow
+[06 Sep 2002] DSA-162-1 ethereal - buffer overflow
{CVE-2002-0834}
[woody] - ethereal 0.9.4-1woody2
-[04 Sep 2002] DSA-161 mantis - privilege escalation
+[04 Sep 2002] DSA-161-1 mantis - privilege escalation
{CVE-2002-1115 CVE-2002-1116}
[woody] - mantis 0.17.1-2.5
-[03 Sep 2002] DSA-160 scrollkeeper - insecure temporary file creation
+[03 Sep 2002] DSA-160-1 scrollkeeper - insecure temporary file creation
{CVE-2002-0662}
[woody] - scrollkeeper 0.3.6-3.1
-[28 Aug 2002] DSA-159 python - insecure temporary files
+[28 Aug 2002] DSA-159-1 python - insecure temporary files
{CVE-2002-1119}
[woody] - python1.5 1.5.2-23.1
[woody] - python2.1 2.1.3-3.1
[woody] - python2.2 2.2.1-4.1
-[27 Aug 2002] DSA-158 gaim - arbitrary program execution
+[27 Aug 2002] DSA-158-1 gaim - arbitrary program execution
{CVE-2002-0989}
[woody] - gaim 0.58-2.2
-[23 Aug 2002] DSA-157 irssi-text - denial of service
+[23 Aug 2002] DSA-157-1 irssi-text - denial of service
{CVE-2002-0983}
[woody] - irssi-text 0.8.4-3.1
-[22 Aug 2002] DSA-156 epic4-script-light - arbitrary script execution
+[22 Aug 2002] DSA-156-1 epic4-script-light - arbitrary script execution
{CVE-2002-0984}
[woody] - epic4-script-light 2.7.30p5-1.1
-[17 Aug 2002] DSA-155 kdelibs - privacy escalation with Konqueror
+[17 Aug 2002] DSA-155-1 kdelibs - privacy escalation with Konqueror
{CVE-2002-0970}
[woody] - kdelibs 2.2.2-13.woody.2
-[15 Aug 2002] DSA-154 fam - privilege escalation
+[15 Aug 2002] DSA-154-1 fam - privilege escalation
{CVE-2002-0875}
[woody] - fam 2.6.6.1-5.2
-[14 Aug 2002] DSA-153 mantis - cross site code execution and privilege escalation
+[14 Aug 2002] DSA-153-1 mantis - cross site code execution and privilege escalation
{CVE-2002-1114 CVE-2002-1113 CVE-2002-1112 CVE-2002-1111 CVE-2002-1110}
[woody] - mantis 0.17.1-2.2
-[13 Aug 2002] DSA-152 l2tpd - missing random seed
+[13 Aug 2002] DSA-152-1 l2tpd - missing random seed
{CVE-2002-0872 CVE-2002-0873}
[woody] - l2tpd 0.67-1.1
-[13 Aug 2002] DSA-151 xinetd - pipe exposure
+[13 Aug 2002] DSA-151-1 xinetd - pipe exposure
{CVE-2002-0871}
[woody] - xinetd 1:2.3.4-1.2
-[13 Aug 2002] DSA-150 interchange - illegal file exposition
+[13 Aug 2002] DSA-150-1 interchange - illegal file exposition
{CVE-2002-0874}
[woody] - interchange 4.8.3.20020306-1.woody.1
-[13 Aug 2002] DSA-149 glibc - integer overflow
+[13 Aug 2002] DSA-149-1 glibc - integer overflow
{CVE-2002-0391}
[woody] - glibc 2.2.5-11.1
-[12 Aug 2002] DSA-148 hylafax - buffer overflows and format string vulnerabilities
+[12 Aug 2002] DSA-148-1 hylafax - buffer overflows and format string vulnerabilities
{CVE-2002-1049 CVE-2002-1050 CVE-2001-1034}
[woody] - hylafax 1:4.1.1-1.1
-[08 Aug 2002] DSA-147 mailman - cross-site scripting
+[08 Aug 2002] DSA-147-1 mailman - cross-site scripting
{CVE-2002-0388 CVE-2002-0855}
[woody] - mailman 2.0.11-1woody4
-[08 Aug 2002] DSA-146 dietlibc - integer overflow
+[08 Aug 2002] DSA-146-1 dietlibc - integer overflow
{CVE-2002-0391}
[woody] - dietlibc 0.12-2.4
-[07 Aug 2002] DSA-145 tinyproxy - doubly freed memory
+[07 Aug 2002] DSA-145-1 tinyproxy - doubly freed memory
{CVE-2002-0847}
[woody] - tinyproxy 1.4.3-2woody2
-[06 Aug 2002] DSA-144 wwwoffle - improper input handling
+[06 Aug 2002] DSA-144-1 wwwoffle - improper input handling
{CVE-2002-0818}
[woody] - wwwoffle 2.7a-1.2
-[05 Aug 2002] DSA-143 krb5 - integer overflow
+[05 Aug 2002] DSA-143-1 krb5 - integer overflow
{CVE-2002-0391}
[woody] - krb5 1.2.4-5woody1
-[05 Aug 2002] DSA-142 openafs - integer overflow
+[05 Aug 2002] DSA-142-1 openafs - integer overflow
{CVE-2002-0391}
[woody] - openafs 1.2.3final2-6
-[01 Aug 2002] DSA-141 mpack - buffer overflow
+[01 Aug 2002] DSA-141-1 mpack - buffer overflow
{CVE-2002-1425}
[woody] - mpack 1.5-7woody2
-[05 Aug 2002] DSA-140 libpng - buffer overflow
+[05 Aug 2002] DSA-140-1 libpng - buffer overflow
{CVE-2002-0660 CVE-2002-0728}
[woody] - libpng 1.0.12-3.woody.2
[woody] - libpng3 1.2.1-1.1.woody.2
-[01 Aug 2002] DSA-139 super - format string vulnerability
+[01 Aug 2002] DSA-139-1 super - format string vulnerability
{CVE-2002-0817}
[woody] - super 3.16.1-1.2
-[01 Aug 2002] DSA-138 gallery - remote exploit
+[01 Aug 2002] DSA-138-1 gallery - remote exploit
{CVE-2002-1412}
[woody] - gallery 1.2.5-7
-[30 Jul 2002] DSA-137 mm - insecure temporary files
+[30 Jul 2002] DSA-137-1 mm - insecure temporary files
{CVE-2002-0658}
[woody] - mm 1.1.3-6.1
-[30 Jul 2002] DSA-136 openssl - multiple remote exploits
+[30 Jul 2002] DSA-136-1 openssl - multiple remote exploits
{CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659}
[woody] - openssl094 0.9.4-6.woody.2
[woody] - openssl095 0.9.5a-6.woody.1
[woody] - openssl 0.9.6c-2.woody.1
-[02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS
+[02 Jul 2002] DSA-135-1 libapache-mod-ssl -- buffer overflow / DoS
{CVE-2002-0653}
[woody] - libapache-mod-ssl 2.8.9-2
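Review bot: the DSA-229 change at [15 Jan 2003] is not a pure rename like the rest of this hunk. It adds a new "DSA-229-2 imp - SQL injection and typo" entry with fixed version 2.2.6-5.2 above the renamed DSA-229-1, which deserves a line in the commit message so that it is not read as part of the mechanical "-1" suffixing. Separately, the last entry, "DSA-135-1 libapache-mod-ssl -- buffer overflow / DoS", keeps a double hyphen where every other entry in this hunk uses " - " between package and description. Since that line is rewritten anyway, consider normalising the separator so that anything parsing the list sees one form.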
=====================================
data/config.json
=====================================
@@ -93,7 +93,7 @@
]
},
"architectures": [ "amd64", "arm64", "armhf", "i386" ],
- "release": "oldstable"
+ "release": "oldoldstable"
},
"bookworm": {
"members": {
@@ -106,7 +106,7 @@
]
},
"architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
- "release": "stable"
+ "release": "oldstable"
},
"trixie": {
"members": {
@@ -119,7 +119,7 @@
]
},
"architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "ppc64el", "riscv64", "s390x" ],
- "release": "testing"
+ "release": "stable"
},
"forky": {
"members": {
@@ -130,7 +130,9 @@
"optional": [
"forky-proposed-updates"
]
- }
+ },
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "ppc64el", "riscv64", "s390x" ],
+ "release": "testing"
},
"duke": {
"members": {
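Review bot: the architectures list added for forky is a verbatim copy of the trixie list in the previous hunk, including armel and i386. Please confirm that this is the set actually tracked for the new testing release and not just a placeholder carried over from trixie. If it is a placeholder, trim it in this change, because the list is what decides which architectures the tracker reports on for forky.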
=====================================
data/dla-needed.txt
=====================================
@@ -31,11 +31,10 @@ adminer
NOTE: 20250507: as he had no hours for LTS but will release the updates to LTS first
NOTE: 20250507: and then to ELTS thereafter.
--
-angular.js (rouca)
- NOTE: 20250507: Added by Front-Desk (Beuc)
- NOTE: 20250507: Should we EOL this package? (Beuc/front-desk)
- NOTE: 20250507: https://lists.debian.org/debian-lts/2025/05/msg00013.html
- NOTE: 20250609: all CVEs fixed wait for crosscheck (rouca)
+amd64-microcode (tobi)
+ NOTE: 20250710: Added by Front-Desk (apo)
+ NOTE: 20250906: Reached out to maintainer, offering help.
+ NOTE: 20250906: Might need newer firmware on the computer or newer kernel (#1109035)
--
ansible
NOTE: 20240915: Added by Front-Desk (ta)
@@ -45,6 +44,9 @@ ansible
NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed (rouca)
NOTE: 20250422: Testing/bisecting will take more time, please keep it assigned to me (lee)
--
+asterisk
+ NOTE: 20250830: Added by Front-Desk (rouca)
+--
busybox
NOTE: 20250425: Added by Front-Desk (rouca)
NOTE: 20250519: Asked maintainers about any pending work and offered help. (spwhitton)
@@ -56,35 +58,50 @@ ca-certificates
NOTE: 20250613: Lack some certificates #1095913 (rouca/FD)
NOTE: 20250613: Coordinate with bookworm PU if needed (rouca/FD)
NOTE: 20250613: Document carefully changes in backport, particularly removed certificates (rouca/FD)
+ NOTE: 20250731: will likely need an upload of ca-certificates-jave before and breaks/update (rouca)
+ NOTE: 20250731: WIP break piuparts (rouca)
+ NOTE: 20250801: Propose for review a ca-certificates-java (rouca)
+ NOTE: 20250811: upload ca-certificates-java (rouca)
+ NOTE: 20250811: wait for direction from security team about bookworm update first (rouca)
--
-ceph (bunk)
+ceph
NOTE: 20241205: Added by Front-Desk (santiago)
NOTE: 20241205: maintainer is preparing an update: https://lists.debian.org/debian-lts/2024/12/msg00008.html (santiago/front-desk)
NOTE: 20241221: Liasing with maintainer. (lamby)
NOTE: 20241231: Reviewing package with maintainer. (lamby)
+ NOTE: 20260815: Ask status to maintainer (rouca)
+--
+civetweb (ah)
+ NOTE: 20250830: Added by Front-Desk (rouca)
+ NOTE: 20250902: sid MR at https://salsa.debian.org/med-team/civetweb/-/merge_requests/1 (ah)
+ NOTE: 20250902: bullseye/11 not affected. Vulnerable code not introduced yet. See commit e61f60fa4dc731c68644303ab6326f347baa54f0 (ah)
--
ckeditor
NOTE: 20241002: Added by Front-Desk (Beuc)
NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
--
-djvulibre (bunk)
- NOTE: 20250707: Added by Front-Desk (apo)
---
dnsdist
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
--
+docker.io
+ NOTE: 20250805: Added by Front-Desk (rouca)
+--
epiphany-browser
NOTE: 20250429: Added by Front-Desk (lamby)
NOTE: 20250429: Changes the UI to prompt when opening URLs in external applications. (lamby)
NOTE: 20250606: mark as ignored/end-of-life if webkit2gtk doesn't get updated (pochu)
--
+erlang
+ NOTE: 20250710: Added by Front-Desk (apo)
+ NOTE: 20250719: SPU in progress https://bugs.debian.org/1105009 (Beuc/front-desk)
+--
fastdds
NOTE: 20250303: Added by Front-Desk (rouca)
--
-ffmpeg (Adrian Bunk)
- NOTE: 20250629: Added by coordinator (santiago)
- NOTE: 20250629: There was a 4.3.9 security release (but all these security issues fixed in ffmpeg don't usually get CVE IDs assigned) (santiago)
+firefox-esr (Emilio)
+ NOTE: 20250822: Added by pochu
+ NOTE: 20250822: working on the toolchain for ESR 140 (pochu)
--
firmware-nonfree
NOTE: 20241011: Added by Front-Desk (pochu)
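Review bot: the new ceph note "NOTE: 20260815: Ask status to maintainer (rouca)" is dated 2026, a year later than every other note in this file, and it follows a 20241231 note. It is presumably meant to be 20250815. A future date makes the entry look fresh to anyone sorting or filtering notes by date, so please correct it. In the same hunk, the 20250731 ca-certificates note says "ca-certificates-jave", while the two notes after it spell the package ca-certificates-java. The ceph entry also drops its "(bunk)" claim without a note saying the package was handed back.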
@@ -99,6 +116,11 @@ freeimage
NOTE: 20240922: Many postponed CVE.
NOTE: 20241202: still WIP (santiago)
--
+gdk-pixbuf
+ NOTE: 20250713: Added by Front-Desk (apo)
+ NOTE: 20250714: CVE-2025-7345: smvc asks us to wait / help with a regression report:
+ NOTE: 20250714: https://bugs.debian.org/1109262
+--
gimp
NOTE: 20250410: Added by Front-Desk (Beuc)
NOTE: 20250410: CVE-2025-2760 may need a custom patch as upstream now focuses on gimp3,
@@ -107,8 +129,11 @@ gimp
NOTE: 20250509: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2328950
NOTE: 20250616: In discussion with upstream regarding CVE-2025-2760 (bunk)
--
-git
+git (lee)
NOTE: 20250709: Added by Front-Desk (apo)
+ NOTE: 20250710: Asked maintainer (Jonathan Nieder) via mail which packages in sid/trixie/bookworm they'd like to upload themselves.
+ NOTE: 20250710: trixie needs to go through t-p-u because sid for some reason has a higher upstream release.
+ NOTE: 20250731: NMU uploaded to unstable and t-p-u update submitted. (bunk)
--
golang-github-gorilla-csrf
NOTE: 20250422: Added by Front-Desk (rouca)
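Review bot: the git entry is now claimed by "(lee)", but the only signed note added here is the 20250731 one by "(bunk)", and the two 20250710 notes carry no author tag at all. Please add the author to the 20250710 notes and make the claim line match whoever is actually holding the package, so that it is clear who contacted the maintainer and who follows up on the t-p-u upload.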
@@ -118,10 +143,10 @@ golang-github-gorilla-csrf
NOTE: 20250621: https://buildd.debian.org/status/package.php?p=golang-github-alecthomas-chroma&suite=bullseye-security
NOTE: 20250621: still stuck at Uploaded phase, probably due to missing sources at security.debian.org (Beuc)
--
-golang-golang-x-net (ah)
- NOTE: 20250502: Added by Front-Desk (lamby)
- NOTE: 20250502: NB. golang - will need to check and schedule binNMUs. (lamby)
- NOTE: 20250621: https://salsa.debian.org/go-team/packages/golang-golang-x-net/-/commits/debian/bullseye (ah)
+goldendict
+ NOTE: 20250723: Added by Front-Desk (ta)
+ NOTE: 20250723: there is no upstream fix yet
+ NOTE: 20250723: package has been renamed to goldendict-ng
--
grub2
NOTE: 20250105: Added by Front-Desk (apo)
@@ -156,17 +181,35 @@ icingaweb2
NOTE: 20250603: I also saw in the release log that multiple issues were fixed without mentioning any CVE (dleidert)
NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* (dleidert)
--
+intel-microcode
+ NOTE: 20250813: Added by Front-Desk (lamby)
+ NOTE: 20250821: DSA/PU planned; wait for DSA/PU and coordinate with maintainer (dleidert)
+--
jackson-core
NOTE: 20250707: Added by Front-Desk (apo)
--
-jgit
- NOTE: 20250614: Added by Front-Desk (rouca)
+jetty9 (bunk)
+ NOTE: 20250827: Added by Front-Desk (rouca)
--
knot-resolver
NOTE: 20240924: Added by Front-Desk (lamby)
NOTE: 20250506: Writting to upstream to get a PoC to reproduce open CVEs.
NOTE: 20250522: Processing some tips received by upstream to try to reproduce CVE. Still working on the patches.
--
+lemonldap-ng
+ NOTE: 20250813: Added by Front-Desk (lamby)
+ NOTE: 20250813: CVE-2024-52948 was marked as <postponed>, but fixed in bookworm. (lamby)
+--
+libcpanel-json-xs-perl
+ NOTE: 20250910: Added by Front-Desk (pochu)
+--
+libjson-xs-perl
+ NOTE: 20250910: Added by Front-Desk (pochu)
+--
+libphp-adodb (Abhijith PA)
+ NOTE: 20250807: Added by Front-Desk (rouca)
+ NOTE: 20250807: Fix other CVEs and try to propose a PU (rouca)
+--
libsoup2.4
NOTE: 20250408: Added by Front-Desk (Beuc)
NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
@@ -191,9 +234,9 @@ libsoup2.4
NOTE: 20250520: than me with getting the backported tests to run. (spwhitton)
--
libxml2 (guilhem)
- NOTE: 20250613: Added by Front-Desk (rouca)
- NOTE: 20250613: get in sync with DSA/bookworm (rouca/FD)
- NOTE: 20250630: Waiting for upstream to give feedback and merge some fixes (guilhem)
+ NOTE: 20250907: Added by Front-Desk (apo)
+ NOTE: 20250907: Currently insufficient information for CVE-2025-26434 but is
+ NOTE: 20250907: affected by CVE-2025-9714.
--
libxmltok
NOTE: 20250421: Added by Front-Desk (ta)
@@ -201,21 +244,22 @@ libxmltok
NOTE: 20250421: Fixing the expat copy in xmlrpc-c at the same time would make sense. (bunk)
NOTE: 20250505: WIP there are lots of CVEs to review (ta)
--
+libxslt (guilhem)
+ NOTE: 20250717: Added by Front-Desk (Beuc)
+ NOTE: 20250717: Upcoming DSA ("wait until the [Apple] patches are merged upstream") (Beuc/front-desk)
+--
linux (Ben Hutchings)
NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
--
-mediawiki (guilhem)
- NOTE: 20250412: Added by Front-Desk (Beuc)
- NOTE: 20250412: Upcoming DSA (Beuc/front-desk)
- NOTE: 20250621: bookworm currently following micro-releases for 1.39 (EOL 2025-11)
- NOTE: 20250621: bullseye followed 1.35 (EOL 2023-12), all open CVEs would need individual backport (Beuc)
+log4cxx
+ NOTE: 20250831: Added by Front-Desk (rouca)
--
mimetex
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
NOTE: 20250629: Best course of action seems to be some kind of mitigation similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
--
-nagvis (dleidert)
+nagvis
NOTE: 20250117: Added by Front-Desk (rouca)
NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
NOTE: 20250119: when testing your fix for bookworm. (bunk)
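Review bot: "nagvis (dleidert)" becomes an unclaimed "nagvis" with no new note, although the 20250629 notes kept on the entry say a PU is ready and about to be tested by dleidert. Add a dated note recording that the package was released back to the pool and in what state, so that the next person to claim it knows whether the PU request was sent.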
@@ -225,9 +269,14 @@ nagvis (dleidert)
NOTE: 20250629: Next DLA for 2 new issues has been released (dleidert)
NOTE: 20250629: PU is ready and will be tested before sending the PU request (dleidert)
--
-nextcloud-desktop (abhijith)
+netty
+ NOTE: 20250814: Added by Front-Desk (lamby)
+--
+nextcloud-desktop (Abhijith PA)
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Many postponed vulnerabilities to fix (Beuc/front-desk)
+ NOTE: 20250818: Fixed CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 (abhijith)
+ NOTE: 20250902: Almost upload ready (abhijith)
--
node-axios
NOTE: 20250308: Added by Front-Desk (rouca)
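Review bot: the claim on nextcloud-desktop changes from "(abhijith)" to "(Abhijith PA)", while the notes added right below are still signed "(abhijith)" and other claims in this diff use short names such as "(bunk)", "(tobi)" and "(lee)". Pick one form for the claim line across the file. If the full name is what the tooling expects, the short-name claims added elsewhere in this change need the same treatment.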
@@ -235,16 +284,30 @@ node-axios
node-prismjs
NOTE: 20250303: Added by Front-Desk (rouca)
--
+node-sha.js
+ NOTE: 20250830: Added by Front-Desk (rouca)
+--
+nova
+ NOTE: 20250908: Added by Front-Desk (apo)
+ NOTE: 20250908: See also watcher. Consider fixing postponed issues and sync
+ NOTE: 20250908: with bookworm. (apo)
+--
nvidia-cuda-toolkit
NOTE: 20241004: Added by Front-Desk (Beuc)
--
-nvidia-graphics-drivers (tobi)
+nvidia-graphics-drivers
NOTE: 20250505: Added by Front-Desk (Beuc)
NOTE: 20250505: Non-free, but sponsored (Beuc/front-desk)
NOTE: 20250623: Reached out to maintainer, asking for some input on several CVEs. (tobi)
NOTE: 20250630: With reply from maintainer, tiraged some CVEs accordingly and updated the security tracker (tobi)
NOTE: 20250707: Maintainer offered to prepare a backport of upstream R515, offered to test them, after DebConf (tobi)
--
+nvidia-graphics-drivers-legacy-390xx
+ NOTE: 20250908: Added by Front-Desk (apo)
+--
+openafs-client (ta)
+ NOTE: 20250830: added by FD (rouca) following regression #1112462
+--
opencryptoki
NOTE: 20250505: Added by Front-Desk (Beuc)
NOTE: 20250505: For CVE-2024-0914 ("Marvin Attack"),
@@ -252,6 +315,9 @@ opencryptoki
NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
--
+p7zip-rar
+ NOTE: 20250719: Added by Front-Desk (Beuc)
+--
pagure
NOTE: 20250117: Added by Front-Desk (rouca)
NOTE: 20250119: Coordinate with ds (rouca/FD)
@@ -263,6 +329,7 @@ pagure
--
pam
NOTE: 20250707: Added by Front-Desk (apo)
+ NOTE: 20250806: Waiting for review (rouca)
--
pgagent
NOTE: 20250117: Added by Front-Desk (rouca)
@@ -273,6 +340,7 @@ pgpool2
NOTE: 20250520: Upcoming DSA.
NOTE: 20250520: Coordinate with myon who might have prepared an update already,
NOTE: 20250520: in which case we can do the DLA announcement/paperwork (Beuc/front-desk)
+ NOTE: 20250803: Pinged maintainer, no update prepared yet. (abhijith)
--
php-horde-css-parser
NOTE: 20250506: Added by Front-Desk (Beuc)
@@ -284,6 +352,24 @@ php-laravel-framework
php-league-commonmark
NOTE: 20250609: Added by Front-Desk (rouca)
--
+pypy3
+ NOTE: 20250718: Added by Front-Desk (Beuc)
+ NOTE: 20250718: Sponsored through pypy[v2] which is obsoleted in bullseye.
+ NOTE: 20250718: Many postponed vulnerabilities, sync python3 fixes. (Beuc/front-desk)
+--
+python-django (Chris Lamb)
+ NOTE: 20250906: Added by Front-Desk (apo)
+--
+python-future (Chris Lamb)
+ NOTE: 20250827: Added by Front-Desk (rouca)
+ NOTE: 20250827: EOL superseded in recent release but not in older release (rouca)
+ NOTE: 20250827: Please fix also other no-dsa issue (rouca)
+ NOTE: 20250827: Please do a PU for bookworm (rouca)
+ NOTE: 20250910: Awaiting determination on CVE-2025-50817. (lamby)
+--
+python-internetarchive
+ NOTE: 20250910: Added by Front-Desk (pochu)
+--
pytorch (dleidert)
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD)
@@ -293,6 +379,9 @@ qtbase-opensource-src
NOTE: 20250520: Follow fixes from bookworm 12.11 (CVE-2024-39936)
NOTE: 20250520: We don't seem affected by the non-CVE crash fix #1081682 (Beuc/front-desk)
--
+r-cran-gh
+ NOTE: 20250808: Added by Front-Desk (rouca)
+--
rails
NOTE: 20250105: Added by Front-Desk (apo)
NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
@@ -300,38 +389,28 @@ rails
NOTE: 20250621: rails DSA uploaded the last 6.1 release before EOL (2024-11)
NOTE: 20250621: 6.0 branch is EOL (2023-06) so all open CVEs need individual backport (Beuc)
--
-ruby-graphql
- NOTE: 20250422: Added by Front-Desk (rouca)
---
-snapcast (dleidert)
- NOTE: 20250118: Added by Front-Desk (rouca)
- NOTE: 20250119: Upstream just re-added a secured Stream.AddStream functionality to fix CVE-2023-36177, but hasn't released it yet (dleidert)
- NOTE: 20250119: That seems to be a better fix than just removing the functionality as done in the initial patch (dleidert)
- NOTE: 20250119: Returning to pool until this has been tested and released into Sid/Trixie (dleidert)
- NOTE: 20250106: Fixed in Sid/Trxie via version 0.31 (dleidert)
+shibboleth-sp
+ NOTE: 20250907: Added by Front-Desk (apo)
--
sogo
NOTE: 20240922: Added by Front-Desk (apo)
NOTE: 20240922: See also postponed issues.
NOTE: 20250609: Please take care of vulnerable embed js (rouca)
--
-sslh (Chris Lamb)
- NOTE: 20250609: Added by Front-Desk (rouca)
+spim
+ NOTE: 20250830: Added by Front-Desk (rouca)
--
-suricata
- NOTE: 20250331: re added to fix next bunch of CVEs (ta)
- NOTE: 20250420: WIP taking care of postponed CVEs
+squid
+ NOTE: 20250805: Added by Front-Desk (rouca)
+ NOTE: 20250815: will need to fix CVE-2023-5824
+ NOTE: 20250821: DSA 5982-1 released fixing CVE-2023-5824 and CVE-2025-54574 (dleidert)
--
-systemd (charles)
- NOTE: 20250530: Added by Front-Desk (pochu)
- NOTE: 20250616: Going back to this after initial work. Had to switch to curl
- NOTE: 20250616: to fix some unforeseen regression before finishing systemd's
- NOTE: 20250616: fix.
- NOTE: 20250627: Mail to mailing list with proposed fix and inquiry about
- NOTE: 20250627: buffer overflow issue (https://lists.debian.org/debian-lts/2025/06/msg00035.html)
+suricata (Thorsten Alteholz)
+ NOTE: 20250331: re added to fix next bunch of CVEs (ta)
+ NOTE: 20250825: testing package (ta)
--
-tomcat9
- NOTE: 20250613: Added by maintainer (apo)
+tika
+ NOTE: 20250831: Added by Front-Desk (rouca)
--
trafficserver
NOTE: 20241120: Added by Front-Desk (Beuc)
@@ -350,6 +429,24 @@ u-boot (dleidert)
NOTE: 20250501: DLA released; will do another round for remaining two issues (dleidert)
NOTE: 20250601: WIP, patches for CVE-2021-27097 and CVE-2021-27138 prepped, but test fails (dleidert)
NOTE: 20250629: WIP, problem fixed; testing required before DLA can be released (dleidert)
+ NOTE: 20250831: waiting for feedback from testers (dleidert)
+--
+varnish
+ NOTE: 20250906: Added by Front-Desk (apo)
+--
+watcher
+ NOTE: 20250908: Added by Front-Desk (apo)
+ NOTE: 20250908: See also nova. (apo)
+--
+wolfssl
+ NOTE: 20250807: Added by Front-Desk (rouca)
+ NOTE: 20250825: I attempted backporting the fixes, but the code diverged significantly.
+ NOTE: 20250825: Backporting is difficult withing prior knowledge of the codebase. (paride)
+--
+wordpress (Utkarsh)
+ NOTE: 20250804: Added by Front-Desk (rouca)
+ NOTE: 20250804: Sync with DSA (rouca)
+ NOTE: 20250902: prepped DSA update, will sync w/ Security and then release DLA. (utkarsh)
--
xmlrpc-c
NOTE: 20250411: Added by Front-Desk (Beuc)
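Review bot: In the added wolfssl entry, the second 20250825 NOTE reads "Backporting is difficult withing prior knowledge of the codebase", where "withing" is presumably a typo for "without". As written the sentence does not parse, and this note is the only record of why the backport stalled, so it is worth correcting before someone else picks the package up.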
@@ -361,3 +458,6 @@ xmlrpc-c
NOTE: 20250705: Ping'd secteam asking for current bookworm plans. (Beuc)
NOTE: 20250705: https://lists.debian.org/debian-lts/2025/07/msg00006.html
--
+zulucrypt
+ NOTE: 20250727: Added by Front-Desk (ta)
+--
=====================================
data/dsa-needed.txt
=====================================
@@ -12,58 +12,73 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-ark (jmm)
+amd64-microcode (carnil)
+ Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
--
-commons-vfs (apo)
+ark/oldstable (jmm)
--
-frr
+cjson (jmm)
+--
+frr/oldstable
coordination with the maintainer ongoing, Daniel Baumann proposing an update
--
-gh
+cpp-httplib
+ Maintainer preparing updates, waiting for feedback on bookworm status
+--
+gh/oldstable
Santiago Vila might work on preparing an update
--
-guix
+intel-microcode (carnil)
+ Expose fixes first in unstable, evaluate with maintainer proposed-updates or DSA
--
jackson-core
--
-libreswan
+jetty9/oldstable
+--
+jetty12/stable
+--
+libreswan/oldstable
Waiting on feedback from maintainer
--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
--
-netty
+mbedtls/oldstable
--
-nodejs
- Bastien Roucaries (rouca) showed interest to prepare an update and is working on it
+netty
--
-opennds
+opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
-pagure
---
-pgpool2 (aron)
+pagure/oldstable (jmm)
--
-php-laravel-framework
+php-laravel-framework/oldstable
--
python-django
- Chris is working on it
--
-ruby-rack
+python-internetarchive
+ Antoine followed up on #1114635, needs handling both in trixie and bookworm
+--
+rtpengine
--
-ruby-saml
+ruby-rack/oldstable
+--
+ruby-saml/oldstable
Utkarsh Gupta might work on an update
--
-sogo
+sogo/oldstable
+--
+sympa/oldstable
--
-sympa
+tomcat10/oldstable
--
-tomcat10
+tomcat11/stable
--
wordpress
+ Utkarsh Gupta proposed to work on an update
--
xen
--
-zabbix
+zabbix/oldstable
--
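Review bot: The note added under amd64-microcode misspells "mitigations" as "mitgations" ("sync with mitgations in src:linux"). Small, but this file gets grepped when coordinating microcode and kernel updates, so the spelling should be fixed.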
=====================================
data/embedded-code-copies
=====================================
@@ -462,7 +462,7 @@ ckeditor
- sogo 5.11.0-1
NOTE: sogo switched to ckeditor5 in SOGo-5.11.0
-ckeditor5 (not packaged for debian)
+ckeditor5 (not packaged in Debian)
- sogo <unfixed> (embed; bug #1104813)
fckeditor
@@ -1376,7 +1376,7 @@ linux
- linux-grsec <removed> (fork)
NOTE: based on the src:linux package, includes grsecurity patchset, not targeted to stable
-libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
+libfdt (not yet packaged separately in Debian; http://www.jdl.com/software/)
- kvm <removed> (embed) [./libfdt/*]
- qemu-kvm <unfixed> (embed) [./libfdt/*]
@@ -1673,18 +1673,16 @@ python2.7
python3.6
- zodbpickle <unfixable> (fork)
NOTE: embeds outdated stdlib modules: pickle, cpickle
-
-python3.7
- pypy3 <unfixable> (fork)
- NOTE: embeds stdlib
+ NOTE: pypy3/bullseye embeds stdlib 3.6.9
-python3.8
+python3.9
- pypy3 <unfixable> (fork)
- NOTE: embeds stdlib
+ NOTE: pypy3/bookworm embeds stdlib 3.9.16
-python3.9
+python3.11
- pypy3 <unfixable> (fork)
- NOTE: embeds stdlib
+ NOTE: pypy3/trixie embeds stdlib 3.11.11
argparse
- twill <unfixed> (embed; bug #555347)
@@ -3336,7 +3334,7 @@ convertUTF (not packaged, dead and claimed buggy upstream, violates DFSG - see b
- llvm-toolchain-snapshot <unfixed> (embed)
- mednafen <unfixed> (embed)
- mrpt <unfixed> (embed)
- - mysql-workbench <unfixed> (embed)
+ - mysql-workbench <removed> (embed)
- netcdf <unfixed> (embed)
- openalpr <unfixed> (embed)
- opencollada <unfixed> (embed)
@@ -3785,6 +3783,10 @@ rich
- python-pip <unfixable> (embed)
NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+python-typing-extensions
+ - python-pip 25.2+dfsg-1 (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
asterisk
- pjproject <unfixed> (embed)
@@ -3871,16 +3873,16 @@ angular.js
- python-xstatic-angular <unfixed> (embed; bug #1104818)
- sogo <unfixed> (embed; bug #1104813)
-angular.js-material (not packaged for debian https://github.com/angular/material EOL since 2022)
+angular.js-material (not packaged in Debian; https://github.com/angular/material EOL since 2022)
- sogo <unfixed> (embed; bug #1104813)
node-lodash
- sogo <unfixed> (embed; bug #1104813)
-mark.js (not packaged for debian https://markjs.io/)
+mark.js (not packaged in Debian; https://markjs.io/)
- sogo <unfixed> (embed; bug #1104813)
-node-ng-sortable (not packaged for debian https://github.com/a5hik/ng-sortable depends of EOL angular)
+node-ng-sortable (not packaged in Debian https://github.com/a5hik/ng-sortable depends of EOL angular)
- sogo <unfixed> (embed; bug #1104813)
node-punycode
@@ -3888,3 +3890,15 @@ node-punycode
node-qrcode-generator
- sogo <unfixed> (embed; bug #1104813)
+
+ggml
+ - llama.cpp <unfixed> (embed)
+ - whisper.cpp <itp> (embed)
+ NOTE: Built in source package but not used from built, cf #1109124
+ NOTE: Might not be viable to be used as standalone source in future
+
+fpdi (not packaged in Debian)
+ - icingaweb2-module-pdfexport <unfixed> (embed)
+
+libucl (not packaged in Debian)
+ - rspamd <unfixed> (embed)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,10 +1,116 @@
-CVE-2021-3654
- [bullseye] - nova 2:22.2.2-1+deb11u1
-CVE-2021-24119
- [bullseye] - mbedtls 2.16.12-0+deb11u1
-CVE-2021-44732
- [bullseye] - mbedtls 2.16.12-0+deb11u1
-CVE-2022-22995
- [bullseye] - netatalk 3.1.12~ds-8+deb11u2
-CVE-2024-5629
- [bullseye] - pymongo 3.11.0-1+deb11u1
+CVE-2024-39329
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2024-39330
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2024-39614
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2024-41989
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2024-41991
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2024-42005
+ [bookworm] - python-django 3:3.2.19-1+deb12u2
+CVE-2023-39350
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-39351
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-39352
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-39353
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-39354
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-39356
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40181
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40186
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40188
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40567
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40569
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2023-40589
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-22211
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32039
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32040
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32041
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32458
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32459
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32460
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32658
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32659
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32660
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2024-32661
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
+CVE-2025-30224
+ [bookworm] - mydumper 0.10.1-1+deb12u2
+CVE-2025-1647
+ [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u2
+CVE-2025-4215
+ [bookworm] - ublock-origin 1.62.0+dfsg-0+deb12u1
+CVE-2023-28755
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2023-28756
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2024-27282
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2024-27281
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2024-27280
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2025-27219
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2025-27220
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2025-27221
+ [bookworm] - ruby3.1 3.1.7-1~deb12u1
+CVE-2022-25844
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2023-26116
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2023-26117
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2023-26118
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2024-8372
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2024-8373
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2024-21490
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2025-0716
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2025-2336
+ [bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2025-23279
+ [bookworm] - nvidia-graphics-drivers 535.261.03-1
+CVE-2025-23286
+ [bookworm] - nvidia-graphics-drivers 535.261.03-1
+CVE-2025-23279
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
+CVE-2025-23286
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
+CVE-2025-54571
+ [bookworm] - modsecurity-apache 2.9.7-1+deb12u2
+CVE-2024-33452
+ [bookworm] - libnginx-mod-http-lua 1:0.10.23-1+deb12u1
+CVE-2025-48924
+ [bookworm] - libcommons-lang-java 2.6-10+deb12u1
+CVE-2024-23837
+ [bookworm] - libhtp 1:0.5.42-1+deb12u1
+CVE-2024-45797
+ [bookworm] - libhtp 1:0.5.42-1+deb12u1
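Review bot: CVE-2025-23279 and CVE-2025-23286 each appear twice in the added list, once for nvidia-graphics-drivers and once for nvidia-open-gpu-kernel-modules. The next-point-update.txt change in this same push puts nova and watcher under a single CVE header, so the two NVIDIA packages could be grouped the same way: one header per CVE with both "[bookworm] - ..." lines beneath it. That avoids a duplicate header being dropped or parsed inconsistently.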
=====================================
data/next-point-update.txt
=====================================
@@ -1,198 +1,35 @@
-CVE-2025-46712
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
-CVE-2025-4748
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
-CVE-2025-46397
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46398
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46399
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46400
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2024-39329
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2024-39330
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2024-39614
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2024-41989
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2024-41991
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2024-42005
- [bookworm] - python-django 3:3.2.19-1+deb12u2
-CVE-2023-39350
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-39351
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-39352
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-39353
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-39354
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-39356
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40181
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40186
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40188
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40567
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40569
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2023-40589
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-22211
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32039
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32040
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32041
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32458
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32459
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32460
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32658
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32659
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32660
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-32661
- [bookworm] - freerdp2 2.11.7+dfsg1-6deb12u1
-CVE-2024-45234
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-45235
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-45236
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-45237
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-45238
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-45239
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2024-48943
- [bookworm] - fort-validator 1.5.4-1+deb12u1
-CVE-2022-37660
- [bookworm] - wpa 2:2.10-12+deb12u3
-CVE-2023-52425
- [bookworm] - expat 2.5.0-1+deb12u2
-CVE-2024-50602
- [bookworm] - expat 2.5.0-1+deb12u2
-CVE-2024-8176
- [bookworm] - expat 2.5.0-1+deb12u2
-CVE-2024-8376
- [bookworm] - mosquitto 2.0.11-1.2+deb12u2
-CVE-2024-3935
- [bookworm] - mosquitto 2.0.11-1.2+deb12u2
-CVE-2024-10525
- [bookworm] - mosquitto 2.0.11-1.2+deb12u2
-CVE-2025-27221
- [bookworm] - rubygems 3.3.15-2+deb12u1
-CVE-2023-28755
- [bookworm] - rubygems 3.3.15-2+deb12u1
-CVE-2025-32776
- [bookworm] - openrazer 3.5.1+dfsg-2+deb12u1
-CVE-2025-46337
- [bookworm] - libphp-adodb 5.21.4-1+deb12u1
-CVE-2023-52969
- [bookworm] - mariadb 1:10.11.13-0+deb12u1
-CVE-2023-52970
- [bookworm] - mariadb 1:10.11.13-0+deb12u1
-CVE-2023-52971
- [bookworm] - mariadb 1:10.11.13-0+deb12u1
-CVE-2025-30693
- [bookworm] - mariadb 1:10.11.13-0+deb12u1
-CVE-2025-30722
- [bookworm] - mariadb 1:10.11.13-0+deb12u1
-CVE-2025-3576
- [bookworm] - krb5 1.20.1-2+deb12u4
-CVE-2025-27773
- [bookworm] - simplesamlphp 1.19.7-1+deb12u2
-CVE-2025-47203
- [bookworm] - dropbear 2022.83-1+deb12u3
-CVE-2024-57823
- [bookworm] - raptor2 2.0.15-4+deb12u1
-CVE-2024-57822
- [bookworm] - raptor2 2.0.15-4+deb12u1
-CVE-2024-5569
- [bookworm] - python-zipp 1.0.0-6+deb12u1
-CVE-2025-27516
- [bookworm] - jinja2 3.1.2-1+deb12u3
-CVE-2025-43961
- [bookworm] - libraw 0.20.2-2.1+deb12u1
-CVE-2025-43962
- [bookworm] - libraw 0.20.2-2.1+deb12u1
-CVE-2025-43963
- [bookworm] - libraw 0.20.2-2.1+deb12u1
-CVE-2025-43964
- [bookworm] - libraw 0.20.2-2.1+deb12u1
-CVE-2025-47273
- [bookworm] - setuptools 66.1.1-1+deb12u2
-CVE-2025-4802
- [bookworm] - glibc 2.36-9+deb12u11
-CVE-2025-30224
- [bookworm] - mydumper 0.10.1-1+deb12u2
-CVE-2025-3818
- [bookworm] - webpy 1:0.62-4+deb12u1
-CVE-2025-40908
- [bookworm] - libyaml-libyaml-perl 0.86+ds-1+deb12u1
-CVE-2024-50624
- [bookworm] - kmail-account-wizard 4:22.12.3-1+deb12u1
-CVE-2025-1647
- [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u2
-CVE-2025-30472
- [bookworm] - corosync 3.1.7-1+deb12u1
-CVE-2024-12905
- [bookworm] - node-tar-fs 2.1.3-0+deb12u1
-CVE-2025-48387
- [bookworm] - node-tar-fs 2.1.3-0+deb12u1
-CVE-2025-4215
- [bookworm] - ublock-origin 1.62.0+dfsg-0+deb12u1
-CVE-2023-26819
- [bookworm] - cjson 1.7.15-1+deb12u3
-CVE-2023-53154
- [bookworm] - cjson 1.7.15-1+deb12u3
-CVE-2024-56161
- [bookworm] - amd64-microcode 3.20250311.1~deb12u1
-CVE-2024-1681
- [bookworm] - python-flask-cors 3.0.10-2+deb12u1
-CVE-2024-6866
- [bookworm] - python-flask-cors 3.0.10-2+deb12u1
-CVE-2024-6839
- [bookworm] - python-flask-cors 3.0.10-2+deb12u1
-CVE-2024-6844
- [bookworm] - python-flask-cors 3.0.10-2+deb12u1
-CVE-2023-28755
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2023-28756
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2024-27282
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2024-27281
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2024-27280
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2025-27219
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2025-27220
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2025-27221
- [bookworm] - ruby3.1 3.1.7-1~deb12u1
-CVE-2025-20128
- [bookworm] - clamav 1.0.9+dfsg-1~deb12u1
-CVE-2025-20260
- [bookworm] - clamav 1.0.9+dfsg-1~deb12u1
-CVE-2024-33899
- [bookworm] - rar 2:7.01-1~deb12u1
-CVE-2021-25743
- [bookworm] - kubernetes 1.20.5+really1.20.2-1.1
+CVE-2025-50420
+ [trixie] - poppler 25.03.0-5+deb13u2
+CVE-2025-48924
+ [trixie] - libcommons-lang-java 2.6-10+deb13u1
+CVE-2025-54571
+ [trixie] - modsecurity-apache 2.9.11-1+deb13u1
+CVE-2025-XXXX [OSSN-0094]
+ [trixie] - nova 2:31.0.0-6+deb13u1
+ [trixie] - watcher 14.0.0-1+deb13u1
+CVE-2025-58068
+ [trixie] - python-eventlet 0.39.1-2+deb13u1
+CVE-2025-55014
+ [trixie] - stardict 3.0.7+git20220909+dfsg-8~deb13u1
+CVE-2025-53510
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-32468
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-35984
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-46407
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-50129
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-52456
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-52930
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-53085
+ [trixie] - sail 0.9.8-1+deb13u1
+CVE-2025-3573
+ [trixie] - phpmyadmin 4:5.2.2-really+dfsg-1deb13u1
+CVE-2025-50200
+ [trixie] - rabbitmq-server 4.0.5-6+deb13u2
+CVE-2025-53537
+ [trixie] - libhtp 1:0.5.50-1+deb13u1
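Review bot: The added phpmyadmin version "4:5.2.2-really+dfsg-1deb13u1" has no "+" or "~" between the Debian revision and "deb13u1", unlike every other version added in this hunk. The freerdp2 lines removed above had the same shape ("-6deb12u1") and come back in next-oldstable-point-update.txt as "-6~deb12u1", so this looks like the same kind of transcription slip. Please check the string against the actual upload, since a version that does not match the archive will not mark the CVE as fixed.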
=====================================
data/packages/fixes-via-micro-releases.txt
=====================================
@@ -7,6 +7,7 @@
# in general
amd64-microcode
+apache2
chromium
firefox-esr
intel-microcode
=====================================
data/packages/nfu.yaml
=====================================
@@ -13,6 +13,8 @@
cna: AMZN
- reason: AMI
cna: AMI
+- reason: Android
+ cna: google_android
- reason: Apple
cna: apple
- reason: ASR Microelectronics
@@ -53,6 +55,8 @@
cna: Canon
- reason: Canon
cna: Canon_EMEA
+- reason: Cato
+ cna: Cato
- reason: Centreon
cna: Centreon
- reason: Citrix
@@ -125,6 +129,8 @@
cna: juniper
- reason: Lenovo
cna: lenovo
+- reason: Lexmark
+ cna: Lexmark
- reason: Liferay
cna: Liferay
- reason: MediaTek
@@ -141,10 +147,14 @@
cna: NI
- reason: NetApp
cna: netapp
+- reason: Netskope
+ cna: Netskope
- reason: Nokia
cna: Nokia
- reason: Octopus Deploy
cna: Octopus
+- reason: Palantir
+ cna: Palantir
- reason: Palo Alto Networks
cna: palo_alto
- reason: Payara
@@ -153,6 +163,8 @@
cna: ProgressSoftware
- reason: Proofpoint
cna: Proofpoint
+- reason: OMRON
+ cna: OMRON
- reason: OpenHarmony
cna: OpenHarmony
- reason: OpenText
@@ -189,10 +201,16 @@
cna: siemens
- reason: Silicon Labs
cna: Silabs
+- reason: Softing
+ cna: Softing
- reason: SolarWinds
cna: SolarWinds
- reason: SonicWall
cna: sonicwall
+- reason: Sophos
+ cna: Sophos
+- reason: Symantec
+ cna: symantec
- reason: Synaptics
cna: Synaptics
- reason: Synology
@@ -205,6 +223,8 @@
cna: tibco
- reason: Trend Micro
cna: trendmicro
+- reason: TYPO3 (core or extensions)
+ cna: TYPO3
- reason: Unisoc
cna: Unisoc
- reason: WatchGuard
@@ -239,10 +259,23 @@
- cna: adobe
- not:
product: XMP Toolkit
+- reason: Apache software not packaged in Debian
+ allOf:
+ - cna: apache
+ - anyOf:
+ - product: Apache CXF
+ - product: Apache DolphinScheduler
+ - product: Apache HertzBeat (incubating)
+ - product: Apache Seata (incubating)
+ - product: Apache StreamPark
+ - product: Apache Superset
+ - product: Apache Zeppelin
- reason: Check Point
allOf:
- cna: checkpoint
- anyOf:
+ - product: Check Point Harmony SASE
+ - product: Check Point Management Log Server
- product: Check Point SmartConsole
- reason: Cisco
allOf:
@@ -252,17 +285,21 @@
- product: Cisco Adaptive Security Appliance (ASA) Software
- product: Cisco BroadWorks
- product: Cisco Catalyst SD-WAN Manager
- - product: Cisco Digital Network Architecture Center (DNA Center)
- product: Cisco DNA Spaces Connector
+ - product: Cisco Digital Network Architecture Center (DNA Center)
- product: Cisco Duo
- product: Cisco Enterprise Chat and Email
+ - product: Cisco Firepower Management Center
+ - product: Cisco Firepower Threat Defense Software
- product: Cisco IOS XE Catalyst SD-WAN
- product: Cisco IOS XE Software
- product: Cisco IOS XR Software
- product: Cisco Identity Services Engine Software
+ - product: Cisco Nexus Dashboard
- product: Cisco NX-OS Software
- product: Cisco Secure Network Analytics
- product: Cisco Unified Communications Manager
+ - product: Cisco Unified Computing System (Managed)
- product: Cisco Unified Contact Center Enterprise
- product: Cisco Unified Contact Center Express
- product: Cisco Webex Meetings
@@ -277,13 +314,16 @@
- cna: eclipse
- anyOf:
- product: Eclipse Cyclone DDS
+ - product: Eclipse Glassfish
- product: OpenJ9
- reason: Esri
allOf:
- cna: Esri
- anyOf:
- - product: ArcGIS Server
- product: ArcGIS Enterprise Builder
+ - product: ArcGIS Server
+ - product: Portal for ArcGIS Enterprise Experience Sites
+ - product: Portal for ArcGIS Enterprise Sites
- reason: F5
allOf:
- cna: f5
@@ -302,22 +342,41 @@
- cna: hp
- not:
product: HP Linux Imaging and Printing Software
+- reason: Intel
+ allOf:
+ - cna: intel
+ - anyOf:
+ - product: AI Playground software
+ - product: Edge Orchestrator software
+ - product: Intel(R) SGX SDK
- reason: NVIDIA
allOf:
- cna: nvidia
- anyOf:
- - product: Megatron LM
- product: AIStore
+ - product: Megatron LM
+ - product: Megatron-LM
+ - product: NVDebug tool
+ - product: NVIDIA Apex
+ - product: NVIDIA Isaac-GR00T N1
+ - product: NVIDIA Merlin Transformers4Rec
+ - product: NVIDIA NeMo Curator
+ - product: NVIDIA NeMo Framework
+ - product: NVIDIA WebDataset
+ - product: NeMo Framework
+ - product: Triton Inference Server
- reason: Oracle
allOf:
- cna: oracle
- anyOf:
- product: JD Edwards EnterpriseOne Tools
- product: MySQL Cluster
+ - product: Oracle Application Express
- product: Oracle Application Object Library
- product: Oracle Applications Framework
- product: Oracle Applications Technology Stack
- product: Oracle BI Publisher
+ - product: Oracle Business Intelligence Enterprise Edition
- product: Oracle CRM Technical Foundation
- product: Oracle Commerce Platform
- product: Oracle Common Applications
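Review bot: The NVIDIA list now carries "Megatron LM" next to "Megatron-LM", and "NVIDIA NeMo Framework" next to "NeMo Framework". If both spellings are needed because the CNA reports the same product under different names, a short YAML comment saying so above each pair would stop a later cleanup from removing one of them as a duplicate.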
@@ -325,18 +384,29 @@
- product: Oracle Configurator
- product: Oracle Database Server
- product: Oracle Financial Services Revenue Management and Billing
+ - product: Oracle Financial Services Analytical Applications Infrastructure
- product: Oracle Hospitality Simphony
+ - product: Oracle Hyperion Financial Reporting
+ - product: Oracle Lease and Finance Management
+ - product: Oracle MES for Process Manufacturing
+ - product: Oracle Mobile Field Service
+ - product: Oracle REST Data Services
- product: Oracle Scripting
- product: Oracle Secure Backup
- product: Oracle Smart View for Office
- product: Oracle Solaris
- product: Oracle Teleservice
+ - product: Oracle Universal Work Queue
- product: Oracle User Management
+ - product: Oracle WebLogic Server
- product: Oracle iStore
- product: Oracle iSupplier Portal
- product: PeopleSoft Enterprise CC Common Application Objects
+ - product: PeopleSoft Enterprise HCM Global Payroll Core
- product: PeopleSoft Enterprise HCM Talent Acquisition Manager
- product: PeopleSoft Enterprise PeopleTools
+ - product: Primavera P6 Enterprise Project Portfolio Management
+ - product: Siebel CRM End User
- reason: VMware
allOf:
- cna: vmware
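Review bot: "Oracle Financial Services Analytical Applications Infrastructure" is added after "Oracle Financial Services Revenue Management and Billing", which breaks the alphabetical order of the Oracle product list. This push re-sorts the Cisco and Esri lists, so the new Oracle entry should go one line higher to match.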
@@ -384,6 +454,7 @@
- product: Nuance Digital Engagement Platform
- product: Power Automate for Desktop
- product: Python extension for Visual Studio Code
+ - product: Service Fabric
- reason: Perforce
allOf:
- cna: Perforce
@@ -394,6 +465,7 @@
- cna: tenable
- anyOf:
- product: Agent
+ - product: M!DGE2
- product: Nessus
- product: Network Monitor
- reason: Trellix
@@ -402,8 +474,11 @@
- anyOf:
- product: Endpoint Security HX
- product: System Information Reporter
+ - product: Trellix Endpoint Security (HX) Agent
- product: Trellix HX Console
# Description based rules
+- reason: Advantech
+ description: '.*\bAdvantech\b.*'
- reason: Argo CD
description: '.*\b(?i:Argo CD)\b.*'
- reason: Belkin
@@ -413,7 +488,7 @@
- reason: Campcodes
description: '.*\b(?i:campcodes)\s.*\s(?i:(system|portal))\b.*'
- reason: code-projects
- description: '.*\b(?i:(code-projects|codeprojects))\s.*\s(?i:(forum|gallery|sharing|site|store|system))\b.*'
+ description: '.*\b(?i:(code-projects|codeprojects))\s.*\s(?i:(forum|gallery|sharing|site|store|system|submission))\b.*'
- reason: CODESYS
description: '.*\b(?i:CODESYS)\b.*'
- reason: Codezips
@@ -424,12 +499,18 @@
description: '.*\bDataEase\b.*'
- reason: DedeCMS
description: '.*\bDedeCMS\b.*'
+- reason: Directus
+ description: '.*\bDirectus\b.*'
- reason: Discourse
description: '.*\bDiscourse\b.*'
- reason: ESAFENET
description: '.*\bESAFENET\b.*'
+- reason: Foxit
+ description: '.*\bFoxit\b.*'
- reason: Intelbras
description: '.*\b(?i:Intelbras)\b.*'
+- reason: IrfanView
+ description: '.*\b(?i:IrfanView)\b.*'
- reason: itsourcecode System
description: '.*\b(?i:itsourcecode)\s.*\s(?i:(system))\b.*'
- reason: Ivanti
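Review bot: The added Directus and Foxit rules match the bare word case-sensitively ('.*\bFoxit\b.*'), while the IrfanView rule added in the same hunk wraps the name in (?i:...). Pick one convention for vendor-name rules, otherwise a description that writes the name in a different case is missed by one rule and caught by another. A bare vendor word is also a wide match: any description that merely mentions the vendor gets the reason applied, so where the vendor has a recognisable product phrase, anchoring on it (as the Portabilis rule does with "Portabilis\s+i-") is safer.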
@@ -454,6 +535,8 @@
description: '.*\b(?i:PDF-XChange\s+(Editor|Viewer))\b.*'
- reason: PHPGurukul
description: '.*\b(?i:PHPGurukul)\b.*'
+- reason: Portabilis
+ description: '.*\b(?i:Portabilis\s+i-)\b.*'
- reason: Project Worlds
description: '.*\b(?i:(Project Worlds|projectworlds))\s.*\s(?i:(system|project))\b.*'
- reason: Serosoft Solutions
@@ -468,7 +551,7 @@
description: '.*\bTuleap\b.*'
- reason: TOTOLINK
description: '.*\b(?i:totolink)\b.*'
- reason: TP-Link
+- reason: TP-Link
description: '.*\b(?i:tp-link)\b.*'
- reason: TRENDnet
description: '.*\b(?i:trendnet)\b.*'
=====================================
data/packages/removed-packages
=====================================
@@ -943,6 +943,8 @@ ruby3.0
guacamole-client
printfilters-ppd
php8.1
+golang-1.16
+golang-1.17
golang-1.18
axtls
rust-crossbeam-utils-0.7
@@ -1081,3 +1083,5 @@ viagee
openjdk-20
wine-development
materialize
+python3.12
+mysql-workbench
=====================================
doc/DSA.template
=====================================
@@ -14,6 +14,9 @@ Debian Bug : $BUGNUM
$TEXT
+For the oldstable distribution ($OLDSTABLE), this problem has been fixed
+in version $$OLDSTABLE_VERSION.
+
For the stable distribution ($STABLE), this problem has been fixed in
version $$STABLE_VERSION.
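Review bot: The added paragraph uses two placeholders that are new to this template, $OLDSTABLE and $$OLDSTABLE_VERSION, and the code that fills the template is not part of this hunk. Please confirm that it substitutes both, and that it drops the paragraph when an advisory has no oldstable fix. Otherwise the literal placeholder text ends up in a published DSA.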
=====================================
doc/security-team.d.o/index
=====================================
@@ -1,9 +1,11 @@
<table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
<tbody>
- <tr><th>bookworm 12</th><th>trixie 13</th><th>sid</th></tr>
- <tr><th>bookworm-security</th><th>testing</th><th>unstable</th></tr>
+ <tr><th>bookworm 12</th><th>trixie 13</th><th>forky</th><th>sid</th></tr>
+ <tr><th>bookworm-security</th><th>trixie-security</th><th>testing</th><th>unstable</th></tr>
<tr>
<td valign="top">
+ <a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
+ </td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
</td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
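Review bot: The added oldstable link line ends in "<br\>", copied from the existing rows. A backslash is not the self-closing slash, so this is malformed markup that browsers happen to tolerate. Since the table is being touched anyway, write "<br>" or "<br />" on the new lines and fix the existing ones in a follow-up.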
@@ -11,6 +13,8 @@
<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
</td></tr>
<tr><td valign="top">
+ <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next point update</a><br\>
+ </td><td valign="top">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
</td><td valign="top">
Next point update<br\>
=====================================
doc/security-team.d.o/security_tracker
=====================================
@@ -779,6 +779,11 @@ The following packages are needed:
python3-apt
python3-apsw
+Starting with the Debian 13 (trixie) release you need to install for the
+deprecated (since Python 3.13) 'cgi' module:
+
+ python3-legacy-cgi
+
The following commands build the databases for stable and run a python local server in port 10605:
make update-packages
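Review bot: the added sentence describes 'cgi' as "deprecated (since Python 3.13)", but the module was deprecated in Python 3.11 and removed from the standard library in 3.13, which is why the extra package is needed at all. The sentence also reads oddly ("you need to install for the ... module"). Something like "Starting with Debian 13 (trixie) you also need python3-legacy-cgi, which provides the 'cgi' module removed in Python 3.13" would be accurate and clearer.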
=====================================
lib/debian-releases.mk
=====================================
@@ -7,7 +7,7 @@ endef
MAIN_RELEASES = $(call get_config, '.distributions | to_entries[] | select(.value.release) | .key')
SECURITY_RELEASES = $(filter-out sid, $(MAIN_RELEASES))
-BACKPORT_RELEASES = $(filter-out buster, $(SECURITY_RELEASES))
+BACKPORT_RELEASES = $(filter-out bullseye, $(SECURITY_RELEASES))
# Define the variables for the release on the main mirror
define add_main_release =
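Review bot: `BACKPORT_RELEASES` still hard-codes the release that has no backports (`bullseye` now, `buster` before), so this line has to be remembered and bumped by hand at every release. `MAIN_RELEASES` two lines above is already derived from the configuration through `get_config`; deriving the excluded release the same way, or at least adding a comment here explaining why that one release is filtered out and when to change it, would keep the next release from quietly pulling data for the wrong suite.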
=====================================
lib/python/web_support.py
=====================================
@@ -486,8 +486,8 @@ def make_pre(lines):
pre = []
append = pre.append
for line in lines:
- # turn https:// and http:// into links
- results=re.search("(.*)(?P<url>https?://[^\s]+)(.*)", line)
+ # turn https:// and http:// into links, leaving out trailing '.,:)>'
+ results=re.search(r'(.*)(?P<url>https?://[^\s]+[^\s.,:)>])(.*)', line)
if results:
for group in results.groups():
if group.startswith('http://') or group.startswith('https://'):
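Review bot: in the new pattern the final class `[^\s.,:)>]` also strips a `)` that is legitimately part of the URL, so links ending in a closing parenthesis become truncated and point somewhere else, while `;`, `!`, `?`, `]` and quote characters are still swallowed into the link. If the goal is only to drop sentence punctuation, consider stripping `)` only when the URL contains no matching `(`, and extending the set to the other trailing characters. Two things remain unchanged and may deserve a follow-up: the leading greedy `(.*)` means only the last URL on a line is linked, and it is worth confirming that the matched text is HTML-escaped where the anchor is built, which is outside this hunk. The switch to a raw string is a good fix for the `\s` escape.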
=====================================
org/lts-frontdesk.2025.txt
=====================================
@@ -31,9 +31,9 @@ From 28-07 to 03-08:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
From 04-08 to 10-08:Bastien Roucariès <roucaries.bastien at gmail.com>
From 11-08 to 17-08:Chris Lamb <chris at chris-lamb.co.uk>
From 18-08 to 24-08:Daniel Leidert <daniel.leidert at wgdd.de>
-From 25-08 to 31-08:Emilio Pozuelo Monfort <pochu27 at gmail.com>
+From 25-08 to 31-08:Bastien Roucariès <roucaries.bastien at gmail.com>
From 01-09 to 07-09:Markus Koschany <markus at koschany.net>
-From 08-09 to 14-09:
+From 08-09 to 14-09:Emilio Pozuelo Monfort <pochu27 at gmail.com>
From 15-09 to 21-09:Thorsten Alteholz <squeeze-lts at alteholz.de>
From 22-09 to 28-09:Utkarsh Gupta <guptautkarsh2102 at gmail.com>
From 29-09 to 05-10:Bastien Roucariès <roucaries.bastien at gmail.com>
@@ -49,4 +49,4 @@ From 01-12 to 07-12:Chris Lamb <chris at chris-lamb.co.uk>
From 08-12 to 14-12:Daniel Leidert <daniel.leidert at wgdd.de>
From 15-12 to 21-12:Emilio Pozuelo Monfort <pochu27 at gmail.com>
From 22-12 to 28-12:Markus Koschany <markus at koschany.net>
-From 29-12 to 04-01:Sylvain Beucler <beuc at beuc.net>
\ No newline at end of file
+From 29-12 to 04-01:Sylvain Beucler <beuc at beuc.net>
=====================================
static/distributions.json
=====================================
@@ -31,8 +31,8 @@
},
"trixie": {
"major-version": "13",
- "support": "none",
- "contact": ""
+ "support": "security",
+ "contact": "team at security.debian.org"
},
"forky": {
"major-version": "14",
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/399b89b12239903e552fd05117a377b25acf86b0...325137a65ba856404a65753d1cb4223cabdde4ff