[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 11 20:13:38 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2c97711 by security tracker role at 2026-02-11T20:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,297 @@
+CVE-2026-2361 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
+ TODO: check
+CVE-2026-2360 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
+ TODO: check
+CVE-2026-2345 (Proctorio Chrome Extension is a browser extension used for online proc ...)
+ TODO: check
+CVE-2026-2344 (A vulnerability in Plunet Plunet BusinessManager allows unauthorized a ...)
+ TODO: check
+CVE-2026-2337 (A vulnerability in Plunet Plunet BusinessManager allows session hijack ...)
+ TODO: check
+CVE-2026-2323 (Inappropriate implementation in Downloads in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2026-2322 (Inappropriate implementation in File input in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2026-2321 (Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowe ...)
+ TODO: check
+CVE-2026-2320 (Inappropriate implementation in File input in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2026-2319 (Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a rem ...)
+ TODO: check
+CVE-2026-2318 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
+ TODO: check
+CVE-2026-2317 (Inappropriate implementation in Animation in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2026-2316 (Insufficient policy enforcement in Frames in Google Chrome prior to 14 ...)
+ TODO: check
+CVE-2026-2315 (Inappropriate implementation in WebGPU in Google Chrome prior to 145.0 ...)
+ TODO: check
+CVE-2026-2314 (Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 ...)
+ TODO: check
+CVE-2026-2313 (Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed ...)
+ TODO: check
+CVE-2026-2295 (The WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets plu ...)
+ TODO: check
+CVE-2026-2250 (The /dbviewer/ web endpoint in METIS WIC devices is exposed without au ...)
+ TODO: check
+CVE-2026-2249 (METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based ...)
+ TODO: check
+CVE-2026-2248 (METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based ...)
+ TODO: check
+CVE-2026-25869 (MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnera ...)
+ TODO: check
+CVE-2026-25868 (MiniGal Nano version 0.3.5 and prior contain a reflected cross-site sc ...)
+ TODO: check
+CVE-2026-25084 (Authentication for ZLAN5143D can be bypassed by directly accessing int ...)
+ TODO: check
+CVE-2026-24789 (An unprotected API endpoint allows an attacker to remotely change the ...)
+ TODO: check
+CVE-2026-22894 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2026-1885 (The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-1853 (The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-1837 (A specially-crafted file can cause libjxl's decoder to write pixel dat ...)
+ TODO: check
+CVE-2026-1833 (The WaMate Confirm \u2013 Order Confirmation plugin for WordPress is v ...)
+ TODO: check
+CVE-2026-1827 (The Flask Micro code-editor plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2026-1826 (The OpenPOS Lite \u2013 Point of Sale for WooCommerce plugin for WordP ...)
+ TODO: check
+CVE-2026-1821 (The Microtango plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-1809 (The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2026-1804 (The WDES Responsive Popup plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-1786 (The Twitter posts to Blog plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2026-1748 (The Invoct \u2013 PDF Invoices & Billing for WooCommerce plugin for Wo ...)
+ TODO: check
+CVE-2026-1560 (The Custom Block Builder \u2013 Lazy Blocks plugin for WordPress is vu ...)
+ TODO: check
+CVE-2026-1227 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...)
+ TODO: check
+CVE-2026-1226 (CWE\u201194: Improper Control of Generation of Code vulnerability exis ...)
+ TODO: check
+CVE-2026-1215 (The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2026-0910 (The wpForo Forum plugin for WordPress is vulnerable to PHP Object Inje ...)
+ TODO: check
+CVE-2026-0815 (The Category Image plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-0724 (The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-0229 (A denial-of-service (DoS) vulnerability in the Advanced DNS Security ( ...)
+ TODO: check
+CVE-2026-0228 (An improper certificate validation vulnerability in PAN-OS allows user ...)
+ TODO: check
+CVE-2025-9986 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-8668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-8025 (Missing Authentication for Critical Function, Improper Access Control ...)
+ TODO: check
+CVE-2025-70297 (A stored cross-site scripting (XSS) vulnerability in the recipe asset ...)
+ TODO: check
+CVE-2025-70296 (A stored HTML injection vulnerability in the Recipe Notes rendering co ...)
+ TODO: check
+CVE-2025-70085 (An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer ha ...)
+ TODO: check
+CVE-2025-70084 (Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers ...)
+ TODO: check
+CVE-2025-70083 (An issue was discovered in OpenSatKit 2.2.1. The DirName field in the ...)
+ TODO: check
+CVE-2025-70029 (An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to ob ...)
+ TODO: check
+CVE-2025-69874 (nanotar through 0.2.0 has a path traversal vulnerability in parseTar() ...)
+ TODO: check
+CVE-2025-69873 (ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerab ...)
+ TODO: check
+CVE-2025-69872 (DiskCache (python-diskcache) through 5.6.3 uses Python pickle for seri ...)
+ TODO: check
+CVE-2025-69871 (A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and e ...)
+ TODO: check
+CVE-2025-68406 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-66278 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2025-66277 (A link following vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2025-66274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-65480 (An issue was discovered in Pacom Unison Client 5.13.1. Authenticated u ...)
+ TODO: check
+CVE-2025-65128 (A missing authentication mechanism in the web management API component ...)
+ TODO: check
+CVE-2025-65127 (A lack of session validation in the web API component of Shenzhen Zhib ...)
+ TODO: check
+CVE-2025-64075 (A path traversal vulnerability in the check_token function of Shenzhen ...)
+ TODO: check
+CVE-2025-62856 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2025-62855 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2025-62854 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-62853 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2025-61969 (Incorrect permission assignment in AMD \xb5Prof may allow a local user ...)
+ TODO: check
+CVE-2025-59386 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-58472 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-58471 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-58470 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2025-58467 (A relative path traversal vulnerability has been reported to affect Qs ...)
+ TODO: check
+CVE-2025-58466 (A use of uninitialized variable vulnerability has been reported to aff ...)
+ TODO: check
+CVE-2025-57713 (A weak authentication vulnerability has been reported to affect File S ...)
+ TODO: check
+CVE-2025-57711 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-57710 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-57709 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-57708 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-57707 (An improper neutralization of directives in statically saved code ('St ...)
+ TODO: check
+CVE-2025-54170 (An out-of-bounds read vulnerability has been reported to affect Qsync ...)
+ TODO: check
+CVE-2025-54169 (An out-of-bounds read vulnerability has been reported to affect File S ...)
+ TODO: check
+CVE-2025-54163 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2025-54162 (A path traversal vulnerability has been reported to affect File Statio ...)
+ TODO: check
+CVE-2025-54161 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-54155 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2025-54152 (A use of out-of-range pointer offset vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-54151 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-54150 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-54149 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2025-54148 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-54147 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-54146 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-53598 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-52870 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-52869 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-52868 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-52541 (A DLL hijacking vulnerability in Vivado could allow a local attacker t ...)
+ TODO: check
+CVE-2025-48725 (A buffer overflow vulnerability has been reported to affect several QN ...)
+ TODO: check
+CVE-2025-48724 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-48723 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
+ TODO: check
+CVE-2025-48722 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-48518 (Improper input validation in AMD Graphics Driver could allow a local a ...)
+ TODO: check
+CVE-2025-48508 (Improper Hardware reset flow logic in the GPU GFX Hardware IP block co ...)
+ TODO: check
+CVE-2025-48503 (A DLL hijacking vulnerability in the AMD Software Installer could allo ...)
+ TODO: check
+CVE-2025-47209 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-47205 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-30276 (An out-of-bounds write vulnerability has been reported to affect Qsync ...)
+ TODO: check
+CVE-2025-30269 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2025-30266 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2025-15440 (The iONE360 configurator plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-15096 (The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-13651 (Exposure of Sensitive System Information to an Unauthorized Actor vuln ...)
+ TODO: check
+CVE-2025-13650 (An attacker with access to the web application ZeusWeb of the provider ...)
+ TODO: check
+CVE-2025-13649 (An attacker with access to the web applicationZeusWeb of the provider ...)
+ TODO: check
+CVE-2025-13648 (An attacker with access to the web application ZeusWeb of the provider ...)
+ TODO: check
+CVE-2025-13391 (The Product Options and Price Calculation Formulas for WooCommerce \u2 ...)
+ TODO: check
+CVE-2025-12474 (A specially-crafted file can cause libjxl's decoder to read pixel data ...)
+ TODO: check
+CVE-2025-12059 (Insertion of Sensitive Information into Externally-Accessible File or ...)
+ TODO: check
+CVE-2025-10913 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-10174 (Cleartext Transmission of Sensitive Information vulnerability in Pan S ...)
+ TODO: check
+CVE-2024-56808 (A command injection vulnerability has been reported to affect Media St ...)
+ TODO: check
+CVE-2024-56807 (An out-of-bounds read vulnerability has been reported to affect Media ...)
+ TODO: check
+CVE-2024-50618 (A Use of Single-factor Authentication vulnerability in the Authenticat ...)
+ TODO: check
+CVE-2024-36324 (Improper input validation in AMD Graphics Driver could allow an attack ...)
+ TODO: check
+CVE-2024-36320 (Integer Overflow within atihdwt6.sys can allow a local attacker to cau ...)
+ TODO: check
+CVE-2024-36316 (The integer overflow vulnerability within AMD Graphics driver could al ...)
+ TODO: check
+CVE-2024-26480 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
+ TODO: check
+CVE-2024-26479 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
+ TODO: check
+CVE-2024-26478 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
+ TODO: check
+CVE-2024-26477 (An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitiv ...)
+ TODO: check
+CVE-2023-31324 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...)
+ TODO: check
+CVE-2019-25317 (Kimai 2 contains a persistent cross-site scripting vulnerability that ...)
+ TODO: check
+CVE-2019-25316 (GOautodial 4.0 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2019-25315 (WordPress Server Log Viewer 1.0 contains a persistent cross-site scrip ...)
+ TODO: check
+CVE-2019-25314 (Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site ...)
+ TODO: check
+CVE-2019-25312 (InoERP 0.7.2 contains a persistent cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2019-25311 (thesystem version 1.0 contains a persistent cross-site scripting vulne ...)
+ TODO: check
+CVE-2019-25310 (ActiveFax Server 6.92 Build 0316 contains an unquoted service path vul ...)
+ TODO: check
+CVE-2019-25309 (Zilab Remote Console Server 3.2.9 contains an unquoted service path vu ...)
+ TODO: check
+CVE-2019-25308 (Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in ...)
+ TODO: check
+CVE-2019-25307 (WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in ...)
+ TODO: check
+CVE-2019-25306 (BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vuln ...)
+ TODO: check
+CVE-2018-25157 (Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
CVE-2026-0968 [Denial of Service due to malformed SFTP message]
- libssh <unfixed> (bug #1127693)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0968.txt
@@ -95,35 +389,35 @@ CVE-2026-2271 [GIMP PSP File Parsing Integer Overflow Leading to Heap Corruption
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15732
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/d9d0f5b4e642dd5b101e70728042027d568bb01d
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0e63f096fa5f7dc3fae0a8e865fd5a05ebe45da8 (GIMP_3_0_8)
-CVE-2025-14594
+CVE-2025-14594 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2026-1282
+CVE-2026-1282 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-14592
+CVE-2025-14592 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2026-1080
+CVE-2026-1080 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Only affects Gitlab EE)
-CVE-2025-12073
+CVE-2025-12073 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2026-1094
+CVE-2026-1094 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-12575
+CVE-2025-12575 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Only affects Gitlab EE)
-CVE-2026-1387
+CVE-2026-1387 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Only affects Gitlab EE)
-CVE-2026-1456
+CVE-2026-1456 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2026-1458
+CVE-2026-1458 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2026-0595
+CVE-2026-0595 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-14560
+CVE-2025-14560 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2026-0958
+CVE-2026-0958 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-8099
+CVE-2025-8099 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-7659
+CVE-2025-7659 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
CVE-2026-25531
- kanboard <unfixed> (bug #1127694)
@@ -964,7 +1258,7 @@ CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Blo
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/036e851b683333205813f70acda2dc047b4891c8 (1.6.13)
NOTE: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
NOTE: https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
-CVE-2026-26079 [CSS injection vulnerability]
+CVE-2026-26079 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading ...)
- roundcube 1.6.13+dfsg-1 (bug #1127447)
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816 (1.6.13)
NOTE: Regression fix: https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447 (1.6.13)
@@ -321799,8 +322093,8 @@ CVE-2023-20550
RESERVED
CVE-2023-20549
RESERVED
-CVE-2023-20548
- RESERVED
+CVE-2023-20548 (A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ...)
+ TODO: check
CVE-2023-20547
RESERVED
CVE-2023-20546
@@ -321868,8 +322162,8 @@ CVE-2023-20516 (Improper handling of insufficiency privileges in the ASP could a
NOT-FOR-US: AMD
CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS could all ...)
NOT-FOR-US: AMD
-CVE-2023-20514
- RESERVED
+CVE-2023-20514 (Improper handling of parameters in the AMD Secure Processor (ASP) coul ...)
+ TODO: check
CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
NOT-FOR-US: AMD
CVE-2023-20512 (A hardcoded AES key in PMFW may result in a privileged attacker gain ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2c97711fdeca06e0ff65c20c37038d195993fb6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2c97711fdeca06e0ff65c20c37038d195993fb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260211/388e6c8b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list