Commit message | Author | Age | Files | Lines
* Add rmadison query to review-update-needed to ensure packages exist in ↵ [users/roberto/rmadison_review-update-needed] | Roberto C. Sánchez | 2020-01-30 | 1 | -0/+29
  specified suite(s)
* LTS/remove libxmlrpc3-java from dla-needed.txt; it has already been completed | Roberto C. Sánchez | 2020-01-30 | 1 | -2/+0
* Add fixed version for CVE-2020-05{69,70}/qtbase-opensource-src | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+2
* Add CVE-2019-18634/sudo | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+3
* Add CVE-2019-3016/linux | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+2
* Add tracking for italc fixes via stretch-pu | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+20
  Note that explicitly some CVEs are not tracked. They are not associated in the security-tracker with italc rather in libvncserver source only.
* Track some italc issues as not-affected as the incomplete fixes not applied | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+4
* Process NFUs | Salvatore Bonaccorso | 2020-01-30 | 1 | -21/+21
* Mark CVE-2019-12290/libidn2 as no-dsa | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+1
  Furthermore the change is quite intrusive and too risky to solely ship via a security update. Rather the CVE fix should be postponed and proposed via a point release.
* Add JetBrains specific NFUs | Salvatore Bonaccorso | 2020-01-30 | 1 | -9/+9
* Add CVE-2020-8492/python* | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+8
* automatic update | security tracker role | 2020-01-30 | 1 | -54/+142
* Update information on CVE-2020-0569 and CVE-2020-0570 | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
  For CVE-2020-0570 Lisandro asked back to upstream about confirmation on the affected ranges. Upstream confirmed that the issue is not present before 5.12:

  > The patch just make sure that we don't do wrong call when the search prefixes
  > contains '/'
  > But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there were
  > no search prefixes with '/' in them.
  > So no need to apply the patch in earlier versions.

  Remove as well the now unneeded TODO item from CVE-2020-0569, as the issue does not apply to the old qt4-x11.
* NFUs | Moritz Muehlenhoff | 2020-01-30 | 2 | -15/+18
  stb code copy bugs
* Add fixed version for CVE-2020-193{0,1}/spamassassin | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+2
  3.4.4~rc1-1 already contain the upstream fixes for those issues.
* Add Debian bug reference for CVE-2020-193{0,1}/spamassassin | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+2
* Mark CVE-2019-20387/libsolv as no-dsa for buster and stretch | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+2
* Add fixed version for CVE-2019-20387/libsolv | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
* data/dla-needed.txt: re-add openjpeg2 and claim it | Mike Gabriel | 2020-01-30 | 1 | -0/+4
* Reserve DLA-2088-1 for libsolv | Mike Gabriel | 2020-01-30 | 2 | -3/+3
* Revert "Add CVE-2020-0569/qt4-x11 as well" | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
  This reverts commit 5bd1b4fe297eec05696066f96ffbaf4d8c9633b6.
* Add CVE-2020-0569/qt4-x11 as well | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
  Thanks: Lisandro Damián Nicanor Pérez Meyer
* Remove qtbase-opensource-src-gles from affected versions, thanks to lisandro | Moritz Muehlenhoff | 2020-01-30 | 1 | -2/+0
* Reserve DLA-2087-1 for suricata | Mike Gabriel | 2020-01-30 | 2 | -2/+3
* qt update | Moritz Muehlenhoff | 2020-01-30 | 1 | -2/+4
* LTS/claim libxmlrpc3-java in dla-needed.txt | Roberto C. Sánchez | 2020-01-30 | 1 | -1/+1
* Update tracking for CVE-2017-14858/exiv2 | Salvatore Bonaccorso | 2020-01-30 | 1 | -4/+1
* Update tracking for issues for exiv2 tracked in #868578 | Salvatore Bonaccorso | 2020-01-30 | 1 | -10/+5
* Update tracking for CVE-2018-5772/exiv2 | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+1
* Update tracking for CVE-2018-18915/exiv2 | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+1
* Update tracking for CVE-2018-19607/exiv2 | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+1
* Add fixed version for CVE-2019-20421/exiv2 via unstable | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
* Adjust tracking of CVE-2019-9143 and CVE-2019-9144 | Salvatore Bonaccorso | 2020-01-30 | 1 | -4/+8
  The issues until some time ago only ever affected experimental, but then a 0.27.2 based version was uploaded to unstable moving the vulnerable state there. Adjust tracking and mark the fixed version first in unstable as 0.27.2-8.
* Add initial tracking for CVE-2020-0570/qtbase-opensource-src | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+4
* Add CVE-2020-0569 initial tracking (more work needed) | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+4
* Add new ossec-hids issues | Salvatore Bonaccorso | 2020-01-30 | 1 | -7/+7
* Add spamassassin to dsa-needed list | Salvatore Bonaccorso | 2020-01-30 | 1 | -0/+3
* Add CVE-2019-2044{4,5}/netty | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+4
* Process one NFU | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+1
* Remove TODO item CVE-2020-1930 and CVE-2020-1931 (checked) | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+0
* Remove CVE-2019-17026 listing for DLA-2061-1 | Salvatore Bonaccorso | 2020-01-30 | 2 | -2/+2
  The issue only was fixed in upstream 68.4.1 ESR and the DLA-2061-1 upload was based on 68.4.0.
* CVE-2020-1930/spamassassin, CVE-2020-1931/spamassassin | Henri Salo | 2020-01-30 | 1 | -0/+8
* Process two NFUs | Salvatore Bonaccorso | 2020-01-30 | 1 | -2/+2
* automatic update | security tracker role | 2020-01-30 | 1 | -16/+56
* Add CVE-2020-7238/netty | Salvatore Bonaccorso | 2020-01-30 | 1 | -1/+4
* Add Debian bug reference for opensmtpd issues | Salvatore Bonaccorso | 2020-01-29 | 1 | -2/+2
* Add further note on CVE-2020-7247/opensmtpd | Salvatore Bonaccorso | 2020-01-29 | 1 | -0/+3
* add stub entry for second opensmtpd issue | Moritz Muehlenhoff | 2020-01-29 | 1 | -0/+5
* update stretch version for opensmtpd | Moritz Muehlenhoff | 2020-01-29 | 2 | -2/+4
  u-boot no-dsa
* Reserve DLA-2086-1 for wget | Thorsten Alteholz | 2020-01-29 | 1 | -0/+3
