Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
* | Update information on CVE-2019-0222 and associate mqtt-client | Salvatore Bonaccorso | 2021-03-01 | 1 | -3/+5 | |
| | activemq upstream included the mqtt-client library in the lib/extra directory but in Debian we use the external src:mqtt-client accordingly. The history is a bit involved, as at first activemq disabled MQTT support, later on enabled it, depending on the mqtt-client provided packages. Associate now the CVE with mqtt-client where the issue got fixed. Thanks: Abhijith PA for spotting the issue. | |||||
* | Triage python-aiohttp for stretch | Utkarsh Gupta | 2021-03-01 | 1 | -0/+2 | |
| | ||||||
* | Triage spip for stretch | Utkarsh Gupta | 2021-03-01 | 1 | -0/+4 | |
| | ||||||
* | Track fixed version for CVE-2021-23336/python3.9 via unstable | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Track fixed version for two xen issues via unstable | Salvatore Bonaccorso | 2021-02-28 | 1 | -2/+2 | |
| | ||||||
* | automatic update | security tracker role | 2021-02-28 | 1 | -4/+6 | |
| | ||||||
* | update note | Abhijith PA | 2021-03-01 | 1 | -0/+1 | |
| | ||||||
* | thunderbird DSA | Moritz Mühlenhoff | 2021-02-28 | 2 | -2/+3 | |
| | ||||||
* | Mark CVE-2016-2568 ignored for bullseye | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Mark CVE-2016-10127 as no-dsa for bullseye | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Add fixed version for CVE-2021-20206/golang-github-appc-cni via unstable | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | NFU | Henri Salo | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | CVE-2021-20201: order commits | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Add Debian bug reference for CVE-2021-20201/spice | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Mark CVE-2021-20201/spice as no-dsa | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Add Debian bug reference for CVE-2021-3410 | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Reference commits for CVE-2021-3410 | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+2 | |
| | ||||||
* | Add Debian bug reference for CVE-2021-3407/mupdf | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Mark CVE-2019-508{6,7}/xcftools as no-dsa | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+2 | |
| | ||||||
* | Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2 | Salvatore Bonaccorso | 2021-02-28 | 1 | -6/+7 | |
| | ||||||
* | Mark pypy and pypy3 as unimportant for CVE-2020-29651 | Salvatore Bonaccorso | 2021-02-28 | 1 | -3/+2 | |
| | Source-wise affected but the svnwc.py does not seem to be part of the binary packages produced as is an embedded copy of python-py. | |||||
* | Track embedded copies of python-py | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+4 | |
| | ||||||
* | Mark CVE-2020-29651/python-py as no-dsa | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Track fixed version for CVE-2020-29651/python-py via unstable | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Add Debian bug reference for CVE-2020-28491 | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Add Debian bug reference for CVE-2020-27843 | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Mark CVE-2020-28491 as no-dsa | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Add additional reference for CVE-2020-27843 | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | Note that while the commit makes it avoid the out-of-bounds access of the reported issue, it is likely not meant to be the final and proper fix. | |||||
* | Add Debian bug reference for CVE-2021-20206 | Salvatore Bonaccorso | 2021-02-28 | 1 | -1/+1 | |
| | ||||||
* | Mark CVE-2021-20206 as no-dsa for buster | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 | |
| | ||||||
* | Track fixed version for CVE-2021-20247/isync | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+1 | |
| | ||||||
* | Track fixed version for CVE-2020-11867/audacity via unstable | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+1 | |
| | ||||||
* | Mark CVE-2021-2024{1,4-6}/imagemagick as ignored for stretch; follow buster | Utkarsh Gupta | 2021-02-28 | 1 | -0/+4 | |
| | ||||||
* | automatic update | security tracker role | 2021-02-27 | 2 | -0/+5 | |
| | ||||||
* | Remove one now obsolete TODO item | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+0 | |
| | ||||||
* | docker DSA | Moritz Mühlenhoff | 2021-02-27 | 2 | -4/+3 | |
| | ||||||
* | Merge branch 'beuc/security-tracker-natsort' | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+8 | |
|\ | tracker_service: display CVE entries using natural sort order. See merge request security-tracker-team/security-tracker!76 | |||||
| * | tracker_service: display CVE entries using natural sort order [#76] | Sylvain Beucler | 2021-02-12 | 1 | -1/+8 | |
| | | to avoid annoying confusions with the default incorrect sort due to e.g. CVE-2021-3392 considered higher than CVE-2021-20203. Approach: - use 'COLLATE natorder' [1]; however, we'd have to leave the bug unfixed for a few years, until this feature is merged and packaged in stable sqlite3 [1] https://sqlite.org/forum/forumpost/e4dc6f3331 - sort at the Python level; AFAICS this breaks the current code global logic that delegates the sort to the database, so we'd need to revamp the Python code or introduce ad-hoc logic - use a size-bounded sort at the SQL level (current patch) using a reasonable max size (10 digits / 32-bits), until 1) is available. (variable-length is feasible but impacts readability and performance) | |||||
* | | Add Debian bug reference for salt issues | Salvatore Bonaccorso | 2021-02-27 | 2 | -10/+10 | |
| | | ||||||
* | | Add reference for CVE-2020-35501/linux | Salvatore Bonaccorso | 2021-02-27 | 1 | -0/+1 | |
| | | ||||||
* | | Add CVE-2020-27223/jetty | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+3 | |
| | | ||||||
* | | Add CVE-2021-2127{3,4}/matrix-synapse | Salvatore Bonaccorso | 2021-02-27 | 1 | -2/+6 | |
| | | ||||||
* | | Process two NFUs | Salvatore Bonaccorso | 2021-02-27 | 1 | -2/+2 | |
| | | ||||||
* | | Three more salt issues | Salvatore Bonaccorso | 2021-02-27 | 1 | -3/+6 | |
| | | ||||||
* | | s-t.d.o/triage: Add reference for proposed update mechanism | Salvatore Bonaccorso | 2021-02-27 | 1 | -2/+1 | |
| | | ||||||
* | | Add reference for security.debian.org updates | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+1 | |
| | | ||||||
* | | s-t.do/triage: Correct sentence where an item will disappear from | Salvatore Bonaccorso | 2021-02-27 | 1 | -1/+1 | |
| | | ||||||
* | | Add some http references to explicitly refer to more detailed instructions | Salvatore Bonaccorso | 2021-02-27 | 1 | -8/+6 | |
| | | ||||||
* | | s-t.d.o/triage: Highlight postponed and ignored in code style | Salvatore Bonaccorso | 2021-02-27 | 1 | -2/+2 | |
| | | ||||||
* | | s-t.do/triage: Fix some spelling errors in draft | Salvatore Bonaccorso | 2021-02-27 | 1 | -2/+2 | |
| | |