(Testing repo) Debian Security Tracker with split CVE files (v1) - Testing repo for split files effort (Format list.yyyy)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Typo fix	Henri Salo	2021-09-24	1	-2/+2
\|
*	automatic update	security tracker role	2021-09-23	1	-0/+2
\|
*	Reassociate some of the Mattermost NFUs to the ITP'ed entries	Salvatore Bonaccorso	2021-09-22	1	-23/+23
\|
*	openssh unimportant	Moritz Muehlenhoff	2021-09-16	1	-3/+2
\|
*	Mark CVE-2016-20012/openssh as no-dsa for bullseye and buster	Salvatore Bonaccorso	2021-09-16	1	-0/+2
\|
*	Add CVE-2016-20012/openssh	Salvatore Bonaccorso	2021-09-16	1	-1/+2
\|
*	automatic update	security tracker role	2021-09-16	1	-0/+2
\|
*	Track fixed version for CVE-2016-10345/passenger via unstable	Salvatore Bonaccorso	2021-08-17	1	-1/+1
\|
*	Update notes for mupdf	Neil Williams	2021-08-06	1	-2/+0
\|
*	Clarify 49c364ab for mupdf	Neil Williams	2021-08-06	1	-2/+2
\| \| \| \| \| \|	Vulnerable C code exists in the source package but this is neither compiled nor packaged in stretch. Set <ignored> in preference to <not-affected>.
*	mupdf - binary from jstest_main.c is not packaged	Neil Williams	2021-08-05	1	-0/+2
\| \| \| \| \|	As with wheezy, the mujstest binary is not included in the binary packages in Debian.
*	Add fixed version via experimetnal for CVE-2016-11086/ruby-oauth	Salvatore Bonaccorso	2021-08-04	1	-0/+1
\|
*	Update inormation on some older CVEs to make tracking a bit more consistent	Salvatore Bonaccorso	2021-07-10	1	-8/+6
\|
*	Track fixed version for several uclibc issues	Salvatore Bonaccorso	2021-07-03	1	-3/+3
\|
*	Add tracking bug for old uclibc issues	Salvatore Bonaccorso	2021-07-03	1	-3/+3
\|
*	Switch several git.videolan.org references to access via https	Salvatore Bonaccorso	2021-06-02	1	-9/+9
\|
*	Mark CVE-2016-20011/libgrss as ignored for stretch	Utkarsh Gupta	2021-05-30	1	-0/+1
\|
*	buster/bullseye triage	Moritz Muehlenhoff	2021-05-26	1	-0/+2
\|
*	Add Debian bug reference for CVE-2016-20011/libgrss	Salvatore Bonaccorso	2021-05-26	1	-1/+1
\|
*	Replace isc-dhcp git repository reference with URLs to gitlab instance	Salvatore Bonaccorso	2021-05-26	1	-1/+1
\|
*	Add CVE-2016-20011/libgrss	Salvatore Bonaccorso	2021-05-26	1	-1/+3
\|
*	automatic update	security tracker role	2021-05-26	1	-0/+2
\|
*	Process some more NFUs	Salvatore Bonaccorso	2021-05-05	1	-1/+1
\|
*	automatic update	security tracker role	2021-05-05	1	-0/+2
\|
*	automatic update	security tracker role	2021-04-27	1	-1/+1
\|
*	CVE-2016-5007/libspring-java: precision	Sylvain Beucler	2021-04-12	1	-1/+1
\|
*	automatic update	security tracker role	2021-04-09	1	-40/+40
\|
*	bullseye triage	Moritz Muehlenhoff	2021-03-22	1	-0/+1
\|
*	Fix two typos	Salvatore Bonaccorso	2021-03-20	1	-1/+1
\|
*	new leptonlib issues	Moritz Muehlenhoff	2021-03-12	1	-1/+1
\| \| \| \|	NFUs
*	automatic update	security tracker role	2021-03-12	1	-0/+2
\|
*	automatic update	security tracker role	2021-03-05	1	-1/+1
\|
*	automatic update	security tracker role	2021-03-02	1	-71/+71
\|
*	Mark CVE-2016-2568 ignored for bullseye	Salvatore Bonaccorso	2021-02-28	1	-0/+1
\|
*	Mark CVE-2016-10127 as no-dsa for bullseye	Salvatore Bonaccorso	2021-02-28	1	-0/+1
\|
*	mujs entered the archive, recheck some older CVEs	Salvatore Bonaccorso	2021-02-18	1	-13/+28
\|
*	automatic update	security tracker role	2021-02-15	1	-2/+2
\|
*	Remove no-dsa tags for upcoming busybox update in Stretch.	Markus Koschany	2021-02-15	1	-2/+0
\|
*	Strip no-dsa tags for wavpack for jessie	Utkarsh Gupta	2021-01-14	1	-1/+0
\|
*	Ignore CVE-2016-7964/dokuwiki for bullseye	Salvatore Bonaccorso	2021-01-02	1	-0/+1
\|
*	Process NFUs	Salvatore Bonaccorso	2021-01-01	1	-8/+8
\|
*	automatic update	security tracker role	2021-01-01	1	-0/+16
\|
*	Replace dropbear repository reference with working URL	Salvatore Bonaccorso	2020-12-31	1	-4/+4
\| \| \| \| \|	Apparently repository moved from https://secure.ucc.asn.au/hg/dropbear to https://hg.ucc.asn.au/dropbear and so replace previous references.
*	Process some NFUs	Salvatore Bonaccorso	2020-12-31	1	-5/+5
\|
*	automatic update	security tracker role	2020-12-31	1	-10/+10
\|
*	bullseye triage	Moritz Muehlenhoff	2020-12-27	1	-1/+4
\|
*	Track fixed version via unstable for CVE-2016-7151/capstone	Salvatore Bonaccorso	2020-12-20	1	-1/+1
\|
*	bullseye triage	Moritz Muehlenhoff	2020-12-18	1	-0/+1
\|
*	Update information on CVE-2016-11086	Salvatore Bonaccorso	2020-12-15	1	-10/+5
\| \| \| \| \|	Mark it as unimportant as it does not affect the binary packages in Debian (by default, unless a user has removed the certificates).
*	Declared CVE-2016-11086 as minor issue since the problem is exploitable if ↵	Ola Lundqvist	2020-12-15	1	-0/+11
\| \| \| \|	/etc/ssl/certs/ca-certificates.crt does not exist. However this file normally exists since ruby-oath depends on ruby who in turn depend on ca-certificates package which generates this file. This means that in Debian this file always eists unless the admin has intentionally removed it. So the package is vulnerable but typically not in Debian. Updating this vulnerability could even cause a regression because some server admin may intentionally have removed this file to not check the certificate.