Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Typo fix | Henri Salo | 2021-09-24 | 1 | -3/+3 |
| | |||||
* | automatic update | security tracker role | 2021-08-09 | 1 | -2/+1 |
| | |||||
* | Update inormation on some older CVEs to make tracking a bit more consistent | Salvatore Bonaccorso | 2021-07-10 | 1 | -1/+1 |
| | |||||
* | Switch several git.videolan.org references to access via https | Salvatore Bonaccorso | 2021-06-02 | 1 | -21/+21 |
| | |||||
* | Merge updates acked and included in the Debian buster 10.8 point release | Salvatore Bonaccorso | 2021-02-06 | 1 | -1/+1 |
| | | | | | | | For the first time with the help of 'merge-cve-files' as implemented by Emilio Pozuelo Monfort. next-point-update.txt: Cleanup list from merged entries | ||||
* | Replace some old code hosting references to new location | Salvatore Bonaccorso | 2020-12-16 | 1 | -3/+3 |
| | |||||
* | CVE/list: fix whitespace inconsistencies | Emilio Pozuelo Monfort | 2020-12-02 | 1 | -2/+2 |
| | |||||
* | Update mp3gain info | Stefan Fritsch | 2020-11-07 | 1 | -1/+1 |
| | | | | | mp3gain has been re-introduced into Debian. It no longer embeds mpg123. | ||||
* | automatic update | security tracker role | 2020-11-06 | 1 | -3/+3 |
| | |||||
* | CVE/list: sort release entries after their package entry | Emilio Pozuelo Monfort | 2020-11-05 | 1 | -10/+11 |
| | |||||
* | Mark CVE-2014-10402/libdbi-perl as no-dsa | Salvatore Bonaccorso | 2020-10-28 | 1 | -1/+1 |
| | |||||
* | Track fixed version for CVE-2014-10402/libdbi-perl | Salvatore Bonaccorso | 2020-10-28 | 1 | -1/+1 |
| | |||||
* | Add Debian bug reference for CVE-2014-10402/libdbi-perl | Salvatore Bonaccorso | 2020-10-13 | 1 | -1/+1 |
| | |||||
* | Reference proposed fix for CVE-2014-10401/libdbi-perl | Salvatore Bonaccorso | 2020-10-06 | 1 | -0/+1 |
| | |||||
* | CVE-2014-10402/libdbi-perl: stretch postponed | Sylvain Beucler | 2020-09-28 | 1 | -0/+1 |
| | |||||
* | postpone decision on CVE-2014-10402 | Salvatore Bonaccorso | 2020-09-17 | 1 | -0/+1 |
| | |||||
* | Add CVE-2014-10402/libdbi-perl | Salvatore Bonaccorso | 2020-09-16 | 1 | -1/+2 |
| | |||||
* | automatic update | security tracker role | 2020-09-16 | 1 | -0/+2 |
| | |||||
* | NFUs | Moritz Muehlenhoff | 2020-09-13 | 1 | -1/+1 |
| | |||||
* | Add CVE-2014-10401/libdbi-perl | Salvatore Bonaccorso | 2020-09-12 | 1 | -1/+3 |
| | |||||
* | automatic update | security tracker role | 2020-09-11 | 1 | -0/+2 |
| | |||||
* | automatic update | security tracker role | 2020-09-11 | 1 | -2/+2 |
| | |||||
* | automatic update | security tracker role | 2020-08-30 | 1 | -0/+1 |
| | |||||
* | Restore severity asssignment and mark source as removed | Salvatore Bonaccorso | 2020-08-30 | 1 | -1/+1 |
| | |||||
* | Reserve DLA-2356-1 for freerdp | Mike Gabriel | 2020-08-30 | 1 | -1/+1 |
| | |||||
* | Use HTTPS transport for www.openwall.com/lists/oss-security URLs | Salvatore Bonaccorso | 2020-08-24 | 1 | -55/+55 |
| | |||||
* | Reference bugs.php.net URLs with HTTPS transport | Salvatore Bonaccorso | 2020-08-23 | 1 | -2/+2 |
| | |||||
* | Replace git.php.net HTTP URLs with HTTPS URLs | Salvatore Bonaccorso | 2020-08-23 | 1 | -12/+12 |
| | |||||
* | Switch some http://git.ghostscript.com URLS | Salvatore Bonaccorso | 2020-08-22 | 1 | -1/+1 |
| | |||||
* | NFUs | Moritz Muehlenhoff | 2020-07-31 | 1 | -1/+1 |
| | |||||
* | Mark CVE-2014-3566/netsurf as fixed with 3.6-1 | Salvatore Bonaccorso | 2020-07-29 | 1 | -1/+1 |
| | | | | | | | Upstream commit b2242c57e17f ("HTTPS: disable all SSL versions; emit fallback SCSV on downgrade.") in 3.3 disables SSLv3. Later on commit a8bf9b05aa94 ("HTTPS: restrict ciphersuites") in 3.8 restricts further the cipyersuites. | ||||
* | automatic update | security tracker role | 2020-07-22 | 1 | -2/+2 |
| | |||||
* | CVE-2014-9365/python3.4: jessie triage precision | Sylvain Beucler | 2020-06-23 | 1 | -1/+1 |
| | |||||
* | Process NFUs | Salvatore Bonaccorso | 2020-06-02 | 1 | -10/+10 |
| | |||||
* | Process NFUs | Salvatore Bonaccorso | 2020-06-02 | 1 | -3/+3 |
| | |||||
* | automatic update | security tracker role | 2020-06-01 | 1 | -27/+27 |
| | |||||
* | new ntp issue | Moritz Muehlenhoff | 2020-05-28 | 1 | -1/+1 |
| | | | | | NFUs add and take ffmpeg | ||||
* | automatic update | security tracker role | 2020-05-08 | 1 | -2/+2 |
| | |||||
* | Slightly reorganize notes for CVE-2014-2875 | Salvatore Bonaccorso | 2020-03-31 | 1 | -4/+3 |
| | | | | | | Add the original CVE bug to the source package and expand explanation why the issue is not exploitable according to the analysis from Brian May. | ||||
* | Demote CVE-2014-2875 to unimportant | Salvatore Bonaccorso | 2020-03-31 | 1 | -1/+2 |
| | | | | | | Reasoning: as per previous commit the issue is present, but due to the code beeing broken the issue is unexploitable. Mark the issue as unfixed but demote it to unimportant. | ||||
* | lua-cgi - code is broken and cannot be exploited | Brian May | 2020-04-01 | 1 | -1/+3 |
| | | | | | | | | | | | | | As per bug #954300, the session.close function is broken. This means it is not possible to save session data. This in turn means it there are no concerns if the session id is made public because there is no sensitive data associated with the session. So it doesn't matter if somebody attempts to guess the session id because it doesn't reveal anything useful. This bug is trivial to resolve, however the fact that nobody is complaining about this bug or trying to fix the bug would strongly suggest that nobody is using session management with lua-cgi. | ||||
* | "new" ruby issue, "new" bitcoin issues, NFUs | Moritz Muehlenhoff | 2020-03-24 | 1 | -3/+3 |
| | |||||
* | vino fixed | Moritz Muehlenhoff | 2020-03-21 | 1 | -1/+1 |
| | |||||
* | Reference reported upstream issue for CVE-2014-2875 | Salvatore Bonaccorso | 2020-03-19 | 1 | -0/+1 |
| | |||||
* | automatic update | security tracker role | 2020-03-19 | 1 | -6/+6 |
| | |||||
* | NFUs | Moritz Muehlenhoff | 2020-03-09 | 1 | -4/+3 |
| | |||||
* | automatic update | security tracker role | 2020-03-09 | 1 | -2/+2 |
| | |||||
* | CVE-2014-2875/lua-cgi: reference BTS | Sylvain Beucler | 2020-03-03 | 1 | -1/+1 |
| | |||||
* | CVE-2014-10399,CVE-2014-10400/lua-cgi: not-affected | Sylvain Beucler | 2020-03-03 | 1 | -2/+4 |
| | |||||
* | NFUs | Moritz Muehlenhoff | 2020-03-02 | 1 | -3/+3 |
| |