] - pysha3 1.0.2-2+deb10u1
=
data/dla-needed.txt
=
@@ -184,10 +184,6 @@ pluxml
NOTE: 20220913: Programming language: PHP.
NOTE: 20220913: Special attention: orphaned package.
--
-python3.7 (Stefano Rivera)
- NOTE: 20221031
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7241fcb9 by Salvatore Bonaccorso at 2022-11-01T07:01:30+01:00
CVE-2022-39253/git and CVE-2022-39260/git fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
19db2921 by Abhijith PA at 2022-11-01T11:19:16+05:30
Mark CVE-2022-31778 as ignored for buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/lis
-needed.txt
=
@@ -100,11 +100,13 @@ ini4j
jackson-databind
NOTE: 20221030: Programming language: Java.
--
+jhead
NOTE: 20221031: Programming language: C.
NOTE: 20221031: Note that multiple options are vulnerable. The attacker have
to trick someone to
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9ec9555 by Salvatore Bonaccorso at 2022-11-01T06:17:51+01:00
Mark pysha3 as removed from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e30faf70 by Salvatore Bonaccorso at 2022-10-31T22:29:41+01:00
Add ntfs-3g to dsa-needed list
- - - - -
23c08961 by Salvatore Bonaccorso at 2022-10-31T22:30:14+01:00
Take ntfs-3g from dsa-needed
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0076ed8e by Sylvain Beucler at 2022-10-31T22:23:20+01:00
CVE-2022-31008/rabbitmq-server: references patches reducing the affected
versions range
not triaging, letting LTS front-desk and/or security-
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
45d0f666 by Salvatore Bonaccorso at 2022-10-31T21:29:40+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b75a1cff by Salvatore Bonaccorso at 2022-10-31T21:20:06+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
: 20221018: https://lists.debian.org/debian-lts/2022/10/msg00037.html
--
+ceph
+ NOTE: 20221031: Programming language: C++.
+ NOTE: 20221031: To be checked further. Not clear whether the vulnerability
can be exploited in a Debian system.
+ NOTE: 20221031: What should be checked is whether any user with
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12a48cc6 by security tracker role at 2022-10-31T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c6923bf by Ola Lundqvist at 2022-10-31T20:49:44+01:00
Marked CVE-2022-42920 for node-minimatch as no-dsa for buster following
decision for bullseye.
- - - - -
1 changed file:
- data/CVE/list
Ch
-needed.txt
=
@@ -153,6 +153,10 @@ node-css-what
node-tar
NOTE: 20220907: Programming language: JavaScript.
--
+ntfs-3g
+ NOTE: 20221031: Programming language: C.
+ NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/ntfs-3g.git
+--
openexr
NOTE
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e852f8e0 by Salvatore Bonaccorso at 2022-10-31T19:29:49+01:00
Track fixed version for libxml2 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab74f9d7 by Salvatore Bonaccorso at 2022-10-31T19:28:21+01:00
Track fixed version for CVE-2022-40284/ntfs-3g via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
47b9536d by Salvatore Bonaccorso at 2022-10-31T19:25:40+01:00
Track upstream commits for CVE-2022-40284/ntfs-3g
- - - - -
1 changed file:
- data/CVE/list
Changes:
ta/dla-needed.txt
Changes:
=
data/dla-needed.txt
=
@@ -83,7 +83,7 @@ hsqldb
NOTE: 20221031: To be investigated further. A possible outcome is to ignore
it.
NOTE: 20221031: https://lists.debian.org/debian-lts/2022/10/msg0006
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd693cb3 by Salvatore Bonaccorso at 2022-10-31T19:21:26+01:00
Remove two check items for CVE-2022-3168 and CVE-2022-20128
Entries looks correct with temporary tracking of fixed version in
exper
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9fd20b1f by Sylvain Beucler at 2022-10-31T16:36:30+01:00
CVE-2022-3276/puppet-module-puppetlabs-mysql: reference commits following
upstream confirmation
- - - - -
1 changed file:
- data/CVE/list
+ NOTE: 20221031: Programming language: C.
+ NOTE: 20221031: CVE-2022-37454 is what is of most concern.
+--
phpseclib
NOTE: 20220909: Programming language: PHP.
NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the
CVE or not. It looks like it is affected by a small
Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8c1e028 by Ola Lundqvist at 2022-10-31T15:51:43+01:00
Triaged python-cmarkgfm for LTS (buster) and concluded CVE-2022-24724 and
CVE-2022-39209 to be minor issues. Same conclusion as cmark-gfm.
- - -
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35eb7223 by Sylvain Beucler at 2022-10-31T15:29:27+01:00
CVE-2022-20128,CVE-2022-3168/android-platform-tools (adb): reference public
disclosure
- - - - -
1 changed file:
- data/CVE/list
Change
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ec4db72 by Salvatore Bonaccorso at 2022-10-31T15:12:33+01:00
Add CVE-2022-40284/ntfs-3g
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/
Changes:
=
data/dla-needed.txt
=
@@ -110,6 +110,9 @@ kopanocore
lava
NOTE: 20221031: Programming language: Python.
--
+libapreq2
+ NOTE: 20221031: Programming language: C.
+--
libcommons-jxpath-java
NOTE: 20221027
+ NOTE: 20221031: Programming language: Erlang.
+ NOTE: 20221031: New configuration option. Should be studied further..
+ NOTE: 20221031: Potentially the outcome is to ignore the issue..
+--
rails (Abhijith PA)
NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)
NOTE: 20220909
:
=
data/dla-needed.txt
=
@@ -78,6 +78,11 @@ golang-websocket
graphicsmagick
NOTE: 20221027: Programming language: C.
--
+hsqldb
+ NOTE: 20221031: Programming language: Java.
+ NOTE: 20221031: To be investigated further. A possible outcome is to
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38f016b3 by Sylvain Beucler at 2022-10-31T14:18:51+01:00
CVE-2022-37454/php*: introduced in 7.2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CV
Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fabc7c5a by Markus Koschany at 2022-10-31T13:36:30+01:00
CVE-2022-41853,hsqldb: Link to possible fixing commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
==
: 20221003: Please evaluate, whether it can be applied.
--
+consul
+ NOTE: 20221031: Programming language: Go.
+ NOTE: 20221031: Concluded that the package should be fixed by the CVE
description. Source code not analyzed in detail.
+--
curl (Emilio)
NOTE: 20220901: Programming language:
+154,6 @@ pluxml
NOTE: 20220913: Programming language: PHP.
NOTE: 20220913: Special attention: orphaned package.
--
-pysha3 (Stefano Rivera)
- NOTE: 20221031: Programming language: Python.
- NOTE: 20221031: Special attention: urgent.
---
python3.7 (Stefano Rivera)
NOTE: 20221031
Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
380c2080 by Sylvain Beucler at 2022-10-31T11:10:29+01:00
CVE-2022-37454/python3*: introduced in 3.6
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
dat
Stefano Rivera pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08647d86 by Stefano Rivera at 2022-10-31T11:30:16+02:00
Clarify pypy3.6 in history
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
===
(Stefano Rivera)
NOTE: 20221031: Programming language: Python.
NOTE: 20221031: Special attention: urgent.
--
+python3.7 (Stefano Rivera)
+ NOTE: 20221031: Programming language: C.
+ NOTE: 20221031: Special attention: urgent.
+--
python-django
NOTE: 20221031: Programming language: Python
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ee0cb88 by Salvatore Bonaccorso at 2022-10-31T10:17:22+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b0513b34 by security tracker role at 2022-10-31T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7da36de5 by Salvatore Bonaccorso at 2022-10-31T08:38:53+01:00
Add CVE-2022-3707/linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/lis
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc139021 by Salvatore Bonaccorso at 2022-10-31T08:29:23+01:00
Add CVE-2022-3500 as NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/li
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8f21266 by Salvatore Bonaccorso at 2022-10-31T08:28:30+01:00
Add CVE-2022-1415 as NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/li
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a078ad85 by Salvatore Bonaccorso at 2022-10-31T08:06:51+01:00
Track fixed version for CVE-2022-3705/vim
- - - - -
1 changed file:
- data/CVE/list
Changes:
39 matches
Mail list logo
