Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Typo fix | Henri Salo | 2021-09-24 | 1 | -2/+2 |
| | |||||
* | automatic update | security tracker role | 2021-09-23 | 1 | -0/+2 |
| | |||||
* | Reassociate some of the Mattermost NFUs to the ITP'ed entries | Salvatore Bonaccorso | 2021-09-22 | 1 | -23/+23 |
| | |||||
* | openssh unimportant | Moritz Muehlenhoff | 2021-09-16 | 1 | -3/+2 |
| | |||||
* | Mark CVE-2016-20012/openssh as no-dsa for bullseye and buster | Salvatore Bonaccorso | 2021-09-16 | 1 | -0/+2 |
| | |||||
* | Add CVE-2016-20012/openssh | Salvatore Bonaccorso | 2021-09-16 | 1 | -1/+2 |
| | |||||
* | automatic update | security tracker role | 2021-09-16 | 1 | -0/+2 |
| | |||||
* | Track fixed version for CVE-2016-10345/passenger via unstable | Salvatore Bonaccorso | 2021-08-17 | 1 | -1/+1 |
| | |||||
* | Update notes for mupdf | Neil Williams | 2021-08-06 | 1 | -2/+0 |
| | |||||
* | Clarify 49c364ab for mupdf | Neil Williams | 2021-08-06 | 1 | -2/+2 |
| | | | | | | Vulnerable C code exists in the source package but this is neither compiled nor packaged in stretch. Set <ignored> in preference to <not-affected>. | ||||
* | mupdf - binary from jstest_main.c is not packaged | Neil Williams | 2021-08-05 | 1 | -0/+2 |
| | | | | | As with wheezy, the mujstest binary is not included in the binary packages in Debian. | ||||
* | Add fixed version via experimetnal for CVE-2016-11086/ruby-oauth | Salvatore Bonaccorso | 2021-08-04 | 1 | -0/+1 |
| | |||||
* | Update inormation on some older CVEs to make tracking a bit more consistent | Salvatore Bonaccorso | 2021-07-10 | 1 | -8/+6 |
| | |||||
* | Track fixed version for several uclibc issues | Salvatore Bonaccorso | 2021-07-03 | 1 | -3/+3 |
| | |||||
* | Add tracking bug for old uclibc issues | Salvatore Bonaccorso | 2021-07-03 | 1 | -3/+3 |
| | |||||
* | Switch several git.videolan.org references to access via https | Salvatore Bonaccorso | 2021-06-02 | 1 | -9/+9 |
| | |||||
* | Mark CVE-2016-20011/libgrss as ignored for stretch | Utkarsh Gupta | 2021-05-30 | 1 | -0/+1 |
| | |||||
* | buster/bullseye triage | Moritz Muehlenhoff | 2021-05-26 | 1 | -0/+2 |
| | |||||
* | Add Debian bug reference for CVE-2016-20011/libgrss | Salvatore Bonaccorso | 2021-05-26 | 1 | -1/+1 |
| | |||||
* | Replace isc-dhcp git repository reference with URLs to gitlab instance | Salvatore Bonaccorso | 2021-05-26 | 1 | -1/+1 |
| | |||||
* | Add CVE-2016-20011/libgrss | Salvatore Bonaccorso | 2021-05-26 | 1 | -1/+3 |
| | |||||
* | automatic update | security tracker role | 2021-05-26 | 1 | -0/+2 |
| | |||||
* | Process some more NFUs | Salvatore Bonaccorso | 2021-05-05 | 1 | -1/+1 |
| | |||||
* | automatic update | security tracker role | 2021-05-05 | 1 | -0/+2 |
| | |||||
* | automatic update | security tracker role | 2021-04-27 | 1 | -1/+1 |
| | |||||
* | CVE-2016-5007/libspring-java: precision | Sylvain Beucler | 2021-04-12 | 1 | -1/+1 |
| | |||||
* | automatic update | security tracker role | 2021-04-09 | 1 | -40/+40 |
| | |||||
* | bullseye triage | Moritz Muehlenhoff | 2021-03-22 | 1 | -0/+1 |
| | |||||
* | Fix two typos | Salvatore Bonaccorso | 2021-03-20 | 1 | -1/+1 |
| | |||||
* | new leptonlib issues | Moritz Muehlenhoff | 2021-03-12 | 1 | -1/+1 |
| | | | | NFUs | ||||
* | automatic update | security tracker role | 2021-03-12 | 1 | -0/+2 |
| | |||||
* | automatic update | security tracker role | 2021-03-05 | 1 | -1/+1 |
| | |||||
* | automatic update | security tracker role | 2021-03-02 | 1 | -71/+71 |
| | |||||
* | Mark CVE-2016-2568 ignored for bullseye | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 |
| | |||||
* | Mark CVE-2016-10127 as no-dsa for bullseye | Salvatore Bonaccorso | 2021-02-28 | 1 | -0/+1 |
| | |||||
* | mujs entered the archive, recheck some older CVEs | Salvatore Bonaccorso | 2021-02-18 | 1 | -13/+28 |
| | |||||
* | automatic update | security tracker role | 2021-02-15 | 1 | -2/+2 |
| | |||||
* | Remove no-dsa tags for upcoming busybox update in Stretch. | Markus Koschany | 2021-02-15 | 1 | -2/+0 |
| | |||||
* | Strip no-dsa tags for wavpack for jessie | Utkarsh Gupta | 2021-01-14 | 1 | -1/+0 |
| | |||||
* | Ignore CVE-2016-7964/dokuwiki for bullseye | Salvatore Bonaccorso | 2021-01-02 | 1 | -0/+1 |
| | |||||
* | Process NFUs | Salvatore Bonaccorso | 2021-01-01 | 1 | -8/+8 |
| | |||||
* | automatic update | security tracker role | 2021-01-01 | 1 | -0/+16 |
| | |||||
* | Replace dropbear repository reference with working URL | Salvatore Bonaccorso | 2020-12-31 | 1 | -4/+4 |
| | | | | | Apparently repository moved from https://secure.ucc.asn.au/hg/dropbear to https://hg.ucc.asn.au/dropbear and so replace previous references. | ||||
* | Process some NFUs | Salvatore Bonaccorso | 2020-12-31 | 1 | -5/+5 |
| | |||||
* | automatic update | security tracker role | 2020-12-31 | 1 | -10/+10 |
| | |||||
* | bullseye triage | Moritz Muehlenhoff | 2020-12-27 | 1 | -1/+4 |
| | |||||
* | Track fixed version via unstable for CVE-2016-7151/capstone | Salvatore Bonaccorso | 2020-12-20 | 1 | -1/+1 |
| | |||||
* | bullseye triage | Moritz Muehlenhoff | 2020-12-18 | 1 | -0/+1 |
| | |||||
* | Update information on CVE-2016-11086 | Salvatore Bonaccorso | 2020-12-15 | 1 | -10/+5 |
| | | | | | Mark it as unimportant as it does not affect the binary packages in Debian (by default, unless a user has removed the certificates). | ||||
* | Declared CVE-2016-11086 as minor issue since the problem is exploitable if ↵ | Ola Lundqvist | 2020-12-15 | 1 | -0/+11 |
| | | | | /etc/ssl/certs/ca-certificates.crt does not exist. However this file normally exists since ruby-oath depends on ruby who in turn depend on ca-certificates package which generates this file. This means that in Debian this file always eists unless the admin has intentionally removed it. So the package is vulnerable but typically not in Debian. Updating this vulnerability could even cause a regression because some server admin may intentionally have removed this file to not check the certificate. |