Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Improve error handling in grab-cve-in-fixgrabcvefix | Neil Williams | 2022-01-27 | 1 | -5/+36 |
| | | | | | | Catch and report on possible typos in changes entries to better support maintainers pre-checking the d.changelog entries before upload - as long as the .changes file is signed. | ||||
* | Pylint updates | Neil Williams | 2022-01-27 | 2 | -97/+60 |
| | | | | Extend linelength to 120 in black. | ||||
* | Update grab-cve-in-fix for known examples | Neil Williams | 2022-01-27 | 3 | -26/+180 |
| | | | | | | | | | | Support catching errors in the d.changelog Add support for forcing a specific version Fix typo in new support in bin/merge-cve-files Update support in update-vuln to insert new PackageAnnotations in specific order. | ||||
* | Add remaining support and switch to using logging | Neil Williams | 2022-01-27 | 1 | -21/+146 |
| | | | | | | Add support to add a bug number. Add warnings in --help that each update must be merged before the same CVE can be updated again. | ||||
* | Add support for merging NOTE: StringAnnotations | Neil Williams | 2022-01-27 | 1 | -1/+46 |
| | |||||
* | Add support for --input accepting email text on STDIN | Neil Williams | 2022-01-27 | 1 | -27/+78 |
| | |||||
* | Add initial update-vuln script | Neil Williams | 2022-01-27 | 1 | -0/+182 |
| | |||||
* | grab-cve-in-fix #1001451 | Neil Williams | 2022-01-27 | 1 | -0/+279 |
| | | | | Add a tool to ease processing of new uploads which fix CVEs | ||||
* | Process more NFUs | Salvatore Bonaccorso | 2022-01-27 | 1 | -4/+4 |
| | |||||
* | automatic update | security tracker role | 2022-01-27 | 2 | -24/+284 |
| | |||||
* | Add CVE-2021-22570/protobuf | Salvatore Bonaccorso | 2022-01-27 | 1 | -1/+4 |
| | |||||
* | Add CVE-2022-21715/codeigniter | Salvatore Bonaccorso | 2022-01-27 | 1 | -1/+1 |
| | |||||
* | Process some NFUs | Salvatore Bonaccorso | 2022-01-27 | 2 | -31/+31 |
| | |||||
* | Reference upstream commit for CVE-2022-22844/tiff | Salvatore Bonaccorso | 2022-01-27 | 1 | -0/+1 |
| | |||||
* | Track fixed verison via unstable for CVE-2022-22844/tiff | Salvatore Bonaccorso | 2022-01-27 | 1 | -1/+1 |
| | |||||
* | Process NFUs | Salvatore Bonaccorso | 2022-01-26 | 2 | -22/+22 |
| | |||||
* | Unify naming of ShowDoc NFU | Salvatore Bonaccorso | 2022-01-26 | 2 | -14/+14 |
| | |||||
* | Add CVE-2022-0359/vim | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+5 |
| | |||||
* | Add CVE-2022-0361/vim | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+5 |
| | |||||
* | Add CVE-2022-0368/vim | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+5 |
| | |||||
* | Proces some NFUs | Salvatore Bonaccorso | 2022-01-26 | 2 | -5/+5 |
| | |||||
* | Add CVE-2022-23990/expat | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+2 |
| | |||||
* | CVE-2022-23132/zabbix: precision | Sylvain Beucler | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | CVE-2022-23132/zabbix: stretch not-affected | Sylvain Beucler | 2022-01-26 | 1 | -0/+1 |
| | |||||
* | Process some NFUs | Salvatore Bonaccorso | 2022-01-26 | 1 | -3/+3 |
| | |||||
* | Add CVE-2021-22600/linux | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+4 |
| | |||||
* | automatic update | security tracker role | 2022-01-26 | 4 | -67/+155 |
| | |||||
* | List CVE-2021-46141 for DLA 2883-2 | Salvatore Bonaccorso | 2022-01-26 | 1 | -0/+1 |
| | | | | | | Rationale: it's not a functional regression here, but the respective security fix to address CVE-2021-46141 was incomplete. So we list the CVE here again. | ||||
* | Reserve DSA number for uriparser update | Salvatore Bonaccorso | 2022-01-26 | 2 | -2/+4 |
| | |||||
* | Reserve DLA-2883-2 for uriparser | Chris Lamb | 2022-01-26 | 2 | -3/+2 |
| | |||||
* | data/dla-needed.txt: Triage uriparser for stretch LTS (CVE-2021-46141) | Chris Lamb | 2022-01-26 | 1 | -0/+3 |
| | |||||
* | data/dla-needed.txt: Correct ordering | Chris Lamb | 2022-01-26 | 1 | -2/+2 |
| | |||||
* | Track fixed version via unstable for CVE-2021-45079/strongswan | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | node-cached-path-relative fixed in sid | Moritz Muehlenhoff | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | Process some NFUs | Neil Williams | 2022-01-26 | 1 | -8/+8 |
| | |||||
* | buster/bullseye triage | Moritz Muehlenhoff | 2022-01-26 | 3 | -1/+17 |
| | | | | remove node-matrix-js-sdk for CVE-2021-44538, seems unrelated | ||||
* | CVE-2021-26247/cacti | Neil Williams | 2022-01-26 | 1 | -1/+4 |
| | | | | Upstream included this fix in the same issue & commit for CVE-2021-3816 | ||||
* | Process 1 NFU | Neil Williams | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | Add CVE-2022-0351/vim | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+5 |
| | |||||
* | Add CVE-2022-0338/loguru | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+4 |
| | | | | | | I'm marking this as unimportant as the action taken by upstream seems to be to clarify the documentation with respect to security considerations to be taken and documenting best practices. | ||||
* | Add CVE-2021-45343/librecad | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+4 |
| | |||||
* | Add CVE-2021-45342/librecad | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+4 |
| | |||||
* | Add Debian bug reference for CVE-2021-45340/libsixel | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | Add CVE-2021-45341/librecad | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+4 |
| | |||||
* | Add CVE-2021-3850 for libphp-adodb | Neil Williams | 2022-01-26 | 1 | -1/+3 |
| | |||||
* | Add CVE-2021-45340/libsixel | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+3 |
| | |||||
* | Process some more new NFUs | Salvatore Bonaccorso | 2022-01-26 | 2 | -24/+24 |
| | |||||
* | Add CVE-2022-23959/varnish | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+5 |
| | |||||
* | Process NFU | Neil Williams | 2022-01-26 | 1 | -1/+1 |
| | |||||
* | Process one NFU | Salvatore Bonaccorso | 2022-01-26 | 1 | -1/+1 |
| |