Commit message (Author, Age, Files, Lines)
...
* Update information on CVE-2019-0222 and associate mqtt-client (Salvatore Bonaccorso, 2021-03-01, 1, -3/+5)
|
|   activemq upstream included the mqtt-client library in the lib/extra directory but in Debian we use the external src:mqtt-client accordingly. The history is a bit involving as at first activemq disabled MQTT support, later on enabled it and depending on the mqtt-client provided packages. Associate now the CVE with mqtt-client where the issue got fixed.
|
|   Thanks: Abhijith PA for spotting the issue.
* Triage python-aiohttp for stretch (Utkarsh Gupta, 2021-03-01, 1, -0/+2)
|
* Triage spip for stretch (Utkarsh Gupta, 2021-03-01, 1, -0/+4)
|
* Track fixed version for CVE-2021-23336/python3.9 via unstable (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Track fixed version for two xen issues via unstable (Salvatore Bonaccorso, 2021-02-28, 1, -2/+2)
|
* automatic update (security tracker role, 2021-02-28, 1, -4/+6)
|
* update note (Abhijith PA, 2021-03-01, 1, -0/+1)
|
* thunderbird DSA (Moritz Mühlenhoff, 2021-02-28, 2, -2/+3)
|
* Mark CVE-2016-2568 ignored for bullseye (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Mark CVE-2016-10127 as no-dsa for bullseye (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Add fixed version for CVE-2021-20206/golang-github-appc-cni via unstable (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* NFU (Henri Salo, 2021-02-28, 1, -1/+1)
|
* CVE-2021-20201: order commits (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Add Debian bug reference for CVE-2021-20201/spice (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Mark CVE-2021-20201/spice as no-dsa (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Add Debian bug reference for CVE-2021-3410 (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Reference commits for CVE-2021-3410 (Salvatore Bonaccorso, 2021-02-28, 1, -0/+2)
|
* Add Debian bug reference for CVE-2021-3407/mupdf (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Mark CVE-2019-508{6,7}/xcftools as no-dsa (Salvatore Bonaccorso, 2021-02-28, 1, -0/+2)
|
* Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2 (Salvatore Bonaccorso, 2021-02-28, 1, -6/+7)
|
* Mark pypy and pypy3 as unimportant for CVE-2020-29651 (Salvatore Bonaccorso, 2021-02-28, 1, -3/+2)
|
|   Source-wise affected but the svnwc.py does not seem to be part of the binary packages produced as is an embedded copy of python-py.
* Track embedded copies of python-py (Salvatore Bonaccorso, 2021-02-28, 1, -0/+4)
|
* Mark CVE-2020-29651/python-py as no-dsa (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Track fixed version for CVE-2020-29651/python-py via unstable (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Add Debian bug reference for CVE-2020-28491 (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Add Debian bug reference for CVE-2020-27843 (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Mark CVE-2020-28491 as no-dsa (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Add additional reference for CVE-2020-27843 (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
|   Note, that while the commit makes it avoid the out of bounds access of the reported issue it is likely not meant to be the final and proper fix.
* Add Debian bug reference for CVE-2021-20206 (Salvatore Bonaccorso, 2021-02-28, 1, -1/+1)
|
* Mark CVE-2021-20206 as no-dsa for buster (Salvatore Bonaccorso, 2021-02-28, 1, -0/+1)
|
* Track fixed version for CVE-2021-20247/isync (Salvatore Bonaccorso, 2021-02-27, 1, -1/+1)
|
* Track fixed version for CVE-2020-11867/audacity via unstable (Salvatore Bonaccorso, 2021-02-27, 1, -1/+1)
|
* Mark CVE-2021-2024{1,4-6}/imagemagick as ignored for stretch; follow buster (Utkarsh Gupta, 2021-02-28, 1, -0/+4)
|
* automatic update (security tracker role, 2021-02-27, 2, -0/+5)
|
* Remove one now obsolete TODO item (Salvatore Bonaccorso, 2021-02-27, 1, -1/+0)
|
* docker DSA (Moritz Mühlenhoff, 2021-02-27, 2, -4/+3)
|
* Merge branch 'beuc/security-tracker-natsort' (Salvatore Bonaccorso, 2021-02-27, 1, -1/+8)
|\
| |   tracker_service: display CVE entries using natural sort order
| |
| |   See merge request security-tracker-team/security-tracker!76
| * tracker_service: display CVE entries using natural sort order [#76] (Sylvain Beucler, 2021-02-12, 1, -1/+8)
| |
| |   to avoid annoying confusions with the default incorrect sort due to e.g. CVE-2021-3392 considered higher than CVE-2021-20203
| |
| |   Approach:
| |   - use 'COLLATE natorder' [1]; however, we'd have to leave the bug unfixed for a few years, until this feature is merged and packaged in stable sqlite3
| |     [1] https://sqlite.org/forum/forumpost/e4dc6f3331
| |   - sort at the Python level; AFAICS this breaks the current code global logic that delegates the sort to the database, so we'd need to revamp the Python code or introduce ad-hoc logic
| |   - use a size-bounded sort at the SQL level (current patch) using a reasonable max size (10 digits / 32-bits), until 1) is available. (variable-length is feasible but impacts readability and performance)
* | Add Debian bug reference for salt issues (Salvatore Bonaccorso, 2021-02-27, 2, -10/+10)
| |
* | Add reference for CVE-2020-35501/linux (Salvatore Bonaccorso, 2021-02-27, 1, -0/+1)
| |
* | Add CVE-2020-27223/jetty (Salvatore Bonaccorso, 2021-02-27, 1, -1/+3)
| |
* | Add CVE-2021-2127{3,4}/matrix-synapse (Salvatore Bonaccorso, 2021-02-27, 1, -2/+6)
| |
* | Process two NFUs (Salvatore Bonaccorso, 2021-02-27, 1, -2/+2)
| |
* | Three more salt issues (Salvatore Bonaccorso, 2021-02-27, 1, -3/+6)
| |
* | s-t.d.o/triage: Add reference for proposed update mechanism (Salvatore Bonaccorso, 2021-02-27, 1, -2/+1)
| |
* | Add reference for security.debian.org updates (Salvatore Bonaccorso, 2021-02-27, 1, -1/+1)
| |
* | s-t.do/triage: Correct sentence where an item will disappear from (Salvatore Bonaccorso, 2021-02-27, 1, -1/+1)
| |
* | Add some http references to explicitly refer to more detailed instructions (Salvatore Bonaccorso, 2021-02-27, 1, -8/+6)
| |
* | s-t.d.o/triage: Highlight postponed and ignored in code style (Salvatore Bonaccorso, 2021-02-27, 1, -2/+2)
| |
* | s-t.do/triage: Fix some spelling errors in draft (Salvatore Bonaccorso, 2021-02-27, 1, -2/+2)
| |
