Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add CVE-2021-28041/openssh | Salvatore Bonaccorso | 2021-03-05 | 1 | -1/+5 |
| | |||||
* | automatic update | security tracker role | 2021-03-05 | 6 | -62/+215 |
| | |||||
* | Add upstream references for CVE-2021-340{3,4}/libytnef | Salvatore Bonaccorso | 2021-03-05 | 1 | -0/+4 |
| | |||||
* | CVEs assigned for XSA-367 and XSA-369 | Salvatore Bonaccorso | 2021-03-05 | 1 | -2/+2 |
| | |||||
* | Remove no-dsa tag for CVE-2018-11775 CVE-2017-15709 | Abhijith PA | 2021-03-05 | 2 | -2/+0 |
| | |||||
* | Reserve DLA-2583-1 for activemq | Abhijith PA | 2021-03-05 | 2 | -3/+3 |
| | |||||
* | Reserve DLA-2582-1 for mqtt-client | Abhijith PA | 2021-03-05 | 2 | -3/+3 |
| | |||||
* | Track fixed version for CVE-2021-3407/mupdf via unstable | Salvatore Bonaccorso | 2021-03-05 | 1 | -1/+1 |
| | |||||
* | Add CVE-2021-27907 | Salvatore Bonaccorso | 2021-03-05 | 1 | -0/+1 |
| | |||||
* | Add CVE-2021-21334/containerd | Salvatore Bonaccorso | 2021-03-05 | 1 | -0/+2 |
| | |||||
* | Merge branch 'distributions-eol-support' | Salvatore Bonaccorso | 2021-03-05 | 1 | -2/+2 |
|\ | |||||
| * | distributions.json: Introduce 'end-of-life' for support attribute | Salvatore Bonaccorso | 2021-03-05 | 1 | -2/+2 |
| | | Currently there should be no other consumers apart from reportbug of the 'none' value so we have still time to change interface here. Although reportbug is using the 'none' explicitly to differentiate from 'lts' and 'security' there is no significant behaviour change if additionally introducing the 'end-of-life' value. Values for support will be 'none', 'security', 'lts' and 'end-of-life' where versions not supported anymore by neither security team nor LTS team will be moved to 'end-of-life' from security-tracker point of view. We need to introduce a differentiation from 'none' support to help with https://salsa.debian.org/qa/distro-tracker/-/issues/58 Summarizing the 'support' attribute: - none: future not yet released stable releases - security: releases supported by the Debian security team - lts: releases supported by the Debian LTS team - end-of-life: releases which are considered end of life from security-tracker perspective. Link: https://salsa.debian.org/qa/distro-tracker/-/issues/58 Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | | cvelist.el: New function to insert no-dsa comment based on the current source entry. | Moritz Muehlenhoff | 2021-03-05 | 1 | -0/+11 |
* | | elisp: correctly disable font-locking for non-keyword through buffer-local font-lock-defaults | Sébastien Delafond | 2021-03-05 | 1 | -17/+28 |
| | | Reformat the entire file while at it, and make flycheck happy | ||||
* | | new neutron issue (concludes external check) | Moritz Muehlenhoff | 2021-03-05 | 1 | -0/+3 |
| | | |||||
* | | qemu triage | Moritz Muehlenhoff | 2021-03-05 | 2 | -3/+8 |
| | | |||||
* | | Process more NFUs | Salvatore Bonaccorso | 2021-03-05 | 2 | -12/+12 |
| | | |||||
* | | Process some NFUs | Salvatore Bonaccorso | 2021-03-05 | 1 | -6/+6 |
| | | |||||
* | | Do not track CVE-2021-24032 for DLA-2573-1 | Salvatore Bonaccorso | 2021-03-05 | 2 | -2/+3 |
| | | The CVE was assigned for an incomplete fix (which affected indeed unstable and buster, but for stretch the issue in CVE-2021-24031 was in one go fixed with the correct fix without opening CVE-2021-24032). Adjust tracking to reflect the situation in the supported suites. | ||||
* | | Update information on CVE-2021-20268/linux | Salvatore Bonaccorso | 2021-03-05 | 1 | -2/+5 |
| | | |||||
* | | automatic update | security tracker role | 2021-03-05 | 3 | -71/+90 |
| | | |||||
* | | Add CVE-2021-20268/linux | Salvatore Bonaccorso | 2021-03-05 | 1 | -0/+2 |
| | | |||||
* | | Add CVE-2021-20265/linux | Salvatore Bonaccorso | 2021-03-05 | 1 | -1/+3 |
| | | |||||
* | | doc: Add triage of low severity issues to index | Salvatore Bonaccorso | 2021-03-05 | 1 | -0/+1 |
| | | Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> | ||||
* | | Merge branch 'show-list-item-marker' into 'master' | Salvatore Bonaccorso | 2021-03-05 | 1 | -1/+1 |
|\ \ | Display list item marker in HTML (for "bullet points") See merge request security-tracker-team/security-tracker!79 | ||||
| * | | Display list item marker in HTML (for "bullet points") | Carles Pina i Estany | 2021-03-04 | 1 | -1/+1 |
|/ / | |||||
* | | Process some NFUs | Salvatore Bonaccorso | 2021-03-04 | 2 | -26/+26 |
| | | |||||
* | | automatic update | security tracker role | 2021-03-04 | 2 | -64/+86 |
|/ | |||||
* | Remove tracking in CVE-2021-0448 (confirmed duplicate) | Salvatore Bonaccorso | 2021-03-04 | 1 | -4/+0 |
| | |||||
* | Update information on XSA-369 issue | Salvatore Bonaccorso | 2021-03-04 | 1 | -1/+3 |
| | |||||
* | new linux/xen issues | Moritz Muehlenhoff | 2021-03-04 | 1 | -0/+6 |
| | |||||
* | add triage to Makefile | Moritz Muehlenhoff | 2021-03-04 | 1 | -1/+1 |
| | |||||
* | final polishing | Moritz Muehlenhoff | 2021-03-04 | 2 | -5/+6 |
| | |||||
* | Drop grub2 from dla-needed; ignored | Utkarsh Gupta | 2021-03-04 | 1 | -5/+0 |
| | |||||
* | Mark 7 CVEs affecting grub2 as ignored for stretch | Utkarsh Gupta | 2021-03-04 | 2 | -0/+7 |
| | |||||
* | Add new glpi issues | Salvatore Bonaccorso | 2021-03-04 | 1 | -3/+6 |
| | |||||
* | Process NFUs | Salvatore Bonaccorso | 2021-03-04 | 3 | -5/+5 |
| | |||||
* | Add CVE-2021-3418/grub2 | Salvatore Bonaccorso | 2021-03-04 | 1 | -0/+2 |
| | |||||
* | Add CVE-2021-26813/python-markdown2 | Salvatore Bonaccorso | 2021-03-04 | 1 | -1/+2 |
| | |||||
* | Add CVE-2021-22134/elasticsearch | Salvatore Bonaccorso | 2021-03-04 | 1 | -0/+1 |
| | |||||
* | Track the 5 other pillow CVEs as well | Salvatore Bonaccorso | 2021-03-04 | 1 | -0/+10 |
| | We still should try to clarify if the other three are potentially duplicated assignments between two CNAs | ||||
* | automatic update | security tracker role | 2021-03-04 | 2 | -14/+38 |
| | |||||
* | Track fixed version for three CVEs for pillow via unstable | Salvatore Bonaccorso | 2021-03-04 | 1 | -3/+3 |
| | The changelog for pillow's upload to unstable lists completely different set of CVEs, question if they are typos or additional CVEs to be tracked, investigation pending. They are specifically: pillow (8.1.1-1) unstable; urgency=high . * New upstream version. - Use more specific regex chars to prevent ReDoS. CVE-2021-25292. - Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291. - Fix negative size read in TiffDecode.c. CVE-2021-25290. - Fix OOB read in SgiRleDecode.c. CVE-2021-25293. - Incorrect error code checking in TiffDecode.c. CVE-2021-25289. | ||||
* | Track fixed version for CVE-2021-20230/stunnel4 | Salvatore Bonaccorso | 2021-03-04 | 1 | -1/+1 |
| | |||||
* | NFUs | Moritz Muehlenhoff | 2021-03-03 | 2 | -13/+16 |
| | pillow ignored | ||||
* | Process some more NFUs | Salvatore Bonaccorso | 2021-03-03 | 1 | -3/+3 |
| | |||||
* | Add new pillow issues | Salvatore Bonaccorso | 2021-03-03 | 1 | -3/+3 |
| | |||||
* | Add CVE-2021-27927/zabbix | Salvatore Bonaccorso | 2021-03-03 | 1 | -1/+2 |
| | |||||
* | Process some NFUs | Salvatore Bonaccorso | 2021-03-03 | 2 | -4/+4 |
| | |||||
* | Remove notes from CVE-2021-3419 (withdrawn by its CNA) | Salvatore Bonaccorso | 2021-03-03 | 1 | -5/+1 |
| |