Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a1875cce by Moritz Muehlenhoff at 2019-06-11T10:48:15Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,6 +6,8 @@ CVE-2019-12791
RESERVED
CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer
over-read in th ...)
- radare2 <unfixed> (bug #930344)
+ [buster] - radare2 <no-dsa> (Minor issue)
+ [stretch] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14211
CVE-2019-12789
RESERVED
@@ -140,7 +142,8 @@ CVE-2019-12731
RESERVED
CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14
does not ...)
{DSA-4449-1}
- - ffmpeg <unfixed>
+ - ffmpeg <unfixed> (low)
+ [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x
branch)
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
CVE-2019-12729
RESERVED
@@ -1334,58 +1337,72 @@ CVE-2019-12223
RESERVED
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
TODO: check details and correct vulnerability location
CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia
Layer (SDL) ...)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
@@ -9838,10 +9855,14 @@ CVE-2019-9153
RESERVED
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There
is an ou ...)
- hdf5 <unfixed>
+ [buster] - hdf5 <no-dsa> (Minor issue)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
NOTE: issue in upstream bug tracker:
https://jira.hdfgroup.org/browse/HDFFV-10719
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There
is an ou ...)
- hdf5 <unfixed>
+ [buster] - hdf5 <no-dsa> (Minor issue)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
NOTE: issue in upstream bug tracker:
https://jira.hdfgroup.org/browse/HDFFV-10718
CVE-2019-9150
@@ -11759,6 +11780,8 @@ CVE-2019-8398 (An issue was discovered in the HDF HDF5
1.10.4 library. There is
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There
is an ou ...)
- hdf5 <unfixed>
+ [buster] - hdf5 <no-dsa> (Minor issue)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
NOTE: issue in upstream bug tracker:
https://jira.hdfgroup.org/browse/HDFFV-10711
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the
HDF HDF5 ...)
@@ -13469,8 +13492,10 @@ CVE-2019-7639 (An issue was discovered in
gsi-openssh-server 7.9p1 on Fedora 29.
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
@@ -13478,8 +13503,10 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f
@@ -13487,8 +13514,10 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
@@ -13496,13 +13525,17 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
+ [buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
- libsdl2-image <unfixed>
+ [buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
@@ -13634,16 +13667,20 @@ CVE-2019-7579
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3608
@@ -13651,8 +13688,10 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
NOTE: Proposed patch:
https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
@@ -13660,32 +13699,40 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3609
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3620
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
+ [buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 <unfixed> (bug #924610)
+ [buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
NOTE: Proposed patch:
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3612
@@ -39399,6 +39446,7 @@ CVE-2018-17439 (An issue was discovered in the HDF HDF5
1.10.3 library. There is
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of
H5Dselec ...)
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
@@ -39406,6 +39454,7 @@ CVE-2018-17438 (A SIGFPE signal is raised in the
function H5D__select_io() of H5
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in
H5Odtype.c in ...)
[experimental] - hdf5 1.10.5+repack-1~exp1
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10588
@@ -39421,6 +39470,7 @@ CVE-2018-17435 (A heap-based buffer over-read in
H5O_attr_decode() in H5Oattr.c
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of
h5repack_ ...)
[experimental] - hdf5 1.10.5+repack-1~exp1
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10586
@@ -39432,6 +39482,8 @@ CVE-2018-17433 (A heap-based buffer overflow in
ReadGifImageDesc() in gifread.c
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in
H5Osdspace.c in ...)
- hdf5 <unfixed>
+ [buster] - hdf5 <no-dsa> (Minor issue)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
NOTE: upstream bug tracker (not public):
https://jira.hdfgroup.org/browse/HDFFV-10590
NOTE: fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8)
@@ -39855,6 +39907,7 @@ CVE-2018-17238
RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function
H5D__chunk_set_info_real() o ...)
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10571 (not public)
@@ -39872,6 +39925,7 @@ CVE-2018-17235 (The function
mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in
H5Ocache.c in ...)
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10578 (not public)
@@ -39880,6 +39934,7 @@ CVE-2018-17234 (Memory leak in the
H5O__chunk_deserialize() function in H5Ocache
CVE-2018-17233 (A SIGFPE signal is raised in the function
H5D__create_chunk_file_map_h ...)
[experimental] - hdf5 1.10.5+repack-1~exp1
- hdf5 <unfixed> (low)
+ [buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10577
@@ -88562,6 +88617,7 @@ CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does
not prevent infinite recur
{DLA-1194-1}
[experimental] - libxml2 2.9.7+dfsg-1
- libxml2 <unfixed> (bug #882613)
+ [buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)
[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
@@ -139800,6 +139856,7 @@ CVE-2016-9319 (There is Missing SSL Certificate
Validation in the Trend Micro En
NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and ot ...)
- libxml2 <unfixed> (bug #844581)
+ [buster] - libxml2 <ignored> (Minor issue; intrusive to backport)
[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
[wheezy] - libxml2 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1875cce52f54e49decdf9bea9c9b9d5062fe2b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1875cce52f54e49decdf9bea9c9b9d5062fe2b4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
