Commit message [Author, Age, Files, Lines]
* Add CVE-2021-28041/openssh [Salvatore Bonaccorso, 2021-03-05, 1, -1/+5]
|
* automatic update [security tracker role, 2021-03-05, 6, -62/+215]
|
* Add upstream references for CVE-2021-340{3,4}/libytnef [Salvatore Bonaccorso, 2021-03-05, 1, -0/+4]
|
* CVEs assigned for XSA-367 and XSA-369 [Salvatore Bonaccorso, 2021-03-05, 1, -2/+2]
|
* Remove no-dsa tag for CVE-2018-11775 CVE-2017-15709 [Abhijith PA, 2021-03-05, 2, -2/+0]
|
* Reserve DLA-2583-1 for activemq [Abhijith PA, 2021-03-05, 2, -3/+3]
|
* Reserve DLA-2582-1 for mqtt-client [Abhijith PA, 2021-03-05, 2, -3/+3]
|
* Track fixed version for CVE-2021-3407/mupdf via unstable [Salvatore Bonaccorso, 2021-03-05, 1, -1/+1]
|
* Add CVE-2021-27907 [Salvatore Bonaccorso, 2021-03-05, 1, -0/+1]
|
* Add CVE-2021-21334/containerd [Salvatore Bonaccorso, 2021-03-05, 1, -0/+2]
|
* Merge branch 'distributions-eol-support' [Salvatore Bonaccorso, 2021-03-05, 1, -2/+2]
|\
| * distributions.json: Introduce 'end-of-life' for support attribute [Salvatore Bonaccorso, 2021-03-05, 1, -2/+2]
| |     Currently there should be no other consumers apart reportbug of the 'none' value so we have still time to change interface here. Although reportbug is using the 'none' explicitly to differentiate from 'lts' and 'security' there is no significant behaviour change if additionally introducing the 'end-of-life' value.
| |
| |     Values for support will be 'none', 'security', 'lts' and 'end-of-life' where versions not supported anymore by neither security team nor LTS team will be moved to 'end-of-life' from security-tracker point of view.
| |
| |     We need to introduce a differentiation from 'none' support to help with https://salsa.debian.org/qa/distro-tracker/-/issues/58
| |
| |     Summarizing the 'support' attribute:
| |
| |     - none: future not yet released stable releases
| |     - security: releases supported by the Debian security team
| |     - lts: releases supported by the Debian LTS team
| |     - end-of-life: releases which are considered end of life from security-tracker perspective.
| |
| |     Link: https://salsa.debian.org/qa/distro-tracker/-/issues/58
| |     Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* | cvelist.el: New function to insert no-dsa comment based on the current source entry. [Moritz Muehlenhoff, 2021-03-05, 1, -0/+11]
* | elisp: correctly disable font-locking for non-keyword through buffer-local font-lock-defaults [Sébastien Delafond, 2021-03-05, 1, -17/+28]
| |     Reformat the entire file while at it, and make flycheck happy
* | new neutron issue (concludes external check) [Moritz Muehlenhoff, 2021-03-05, 1, -0/+3]
| |
* | qemu triage [Moritz Muehlenhoff, 2021-03-05, 2, -3/+8]
| |
* | Process more NFUs [Salvatore Bonaccorso, 2021-03-05, 2, -12/+12]
| |
* | Process some NFUs [Salvatore Bonaccorso, 2021-03-05, 1, -6/+6]
| |
* | Do not track CVE-2021-24032 for DLA-2573-1 [Salvatore Bonaccorso, 2021-03-05, 2, -2/+3]
| |     The CVE was assigned for an incomplete fix (which affected indeed unstable and buster, but for stretch the issue in CVE-2021-24031 was in one go fixed with the correct fix without opening CVE-2021-24032). Adjust tracking to reflect the situation in the supported suites.
* | Update information on CVE-2021-20268/linux [Salvatore Bonaccorso, 2021-03-05, 1, -2/+5]
| |
* | automatic update [security tracker role, 2021-03-05, 3, -71/+90]
| |
* | Add CVE-2021-20268/linux [Salvatore Bonaccorso, 2021-03-05, 1, -0/+2]
| |
* | Add CVE-2021-20265/linux [Salvatore Bonaccorso, 2021-03-05, 1, -1/+3]
| |
* | doc: Add triage of low severity issues to index [Salvatore Bonaccorso, 2021-03-05, 1, -0/+1]
| |     Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* | Merge branch 'show-list-item-marker' into 'master' [Salvatore Bonaccorso, 2021-03-05, 1, -1/+1]
|\ \
| | |   Display list item marker in HTML (for "bullet points")
| | |
| | |   See merge request security-tracker-team/security-tracker!79
| * | Display list item marker in HTML (for "bullet points") [Carles Pina i Estany, 2021-03-04, 1, -1/+1]
|/ /
* | Process some NFUs [Salvatore Bonaccorso, 2021-03-04, 2, -26/+26]
| |
* | automatic update [security tracker role, 2021-03-04, 2, -64/+86]
|/
* Remove tracking in CVE-2021-0448 (confirmed duplicate) [Salvatore Bonaccorso, 2021-03-04, 1, -4/+0]
|
* Update information on XSA-369 issue [Salvatore Bonaccorso, 2021-03-04, 1, -1/+3]
|
* new linux/xen issues [Moritz Muehlenhoff, 2021-03-04, 1, -0/+6]
|
* add triage to Makefile [Moritz Muehlenhoff, 2021-03-04, 1, -1/+1]
|
* final polishing [Moritz Muehlenhoff, 2021-03-04, 2, -5/+6]
|
* Drop grub2 from dla-needed; ignored [Utkarsh Gupta, 2021-03-04, 1, -5/+0]
|
* Mark 7 CVEs affecting grub2 as ignored for stretch [Utkarsh Gupta, 2021-03-04, 2, -0/+7]
|
* Add new glpi issues [Salvatore Bonaccorso, 2021-03-04, 1, -3/+6]
|
* Process NFUs [Salvatore Bonaccorso, 2021-03-04, 3, -5/+5]
|
* Add CVE-2021-3418/grub2 [Salvatore Bonaccorso, 2021-03-04, 1, -0/+2]
|
* Add CVE-2021-26813/python-markdown2 [Salvatore Bonaccorso, 2021-03-04, 1, -1/+2]
|
* Add CVE-2021-22134/elasticsearch [Salvatore Bonaccorso, 2021-03-04, 1, -0/+1]
|
* Track the 5 other pillow CVEs as well [Salvatore Bonaccorso, 2021-03-04, 1, -0/+10]
|     We still should try to clarify if the other three are potentially duplicated assignments between two CNAs
* automatic update [security tracker role, 2021-03-04, 2, -14/+38]
|
* Track fixed version for three CVEs for pillow via unstable [Salvatore Bonaccorso, 2021-03-04, 1, -3/+3]
|     The changelog for pillow's upload to unstable lists completely different set of CVEs, question if they are typos or additional CVEs to be tracked, investigation pending. They are specifically:
|
|     pillow (8.1.1-1) unstable; urgency=high
|     .
|     * New upstream version.
|       - Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
|       - Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291.
|       - Fix negative size read in TiffDecode.c. CVE-2021-25290.
|       - Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
|       - Incorrect error code checking in TiffDecode.c. CVE-2021-25289.
* Track fixed version for CVE-2021-20230/stunnel4 [Salvatore Bonaccorso, 2021-03-04, 1, -1/+1]
|
* NFUs [Moritz Muehlenhoff, 2021-03-03, 2, -13/+16]
|     pillow ignored
* Process some more NFUs [Salvatore Bonaccorso, 2021-03-03, 1, -3/+3]
|
* Add new pillow issues [Salvatore Bonaccorso, 2021-03-03, 1, -3/+3]
|
* Add CVE-2021-27927/zabbix [Salvatore Bonaccorso, 2021-03-03, 1, -1/+2]
|
* Process some NFUs [Salvatore Bonaccorso, 2021-03-03, 2, -4/+4]
|
* Remove notes from CVE-2021-3419 (withdrawn by its CNA) [Salvatore Bonaccorso, 2021-03-03, 1, -5/+1]
|
