check-syntax:
stage: build
before_script:
- apt-get update && apt-get -y --no-install-recommends install git ca-certificates make python python-apt
script:
- git checkout master
- git pull
- make check-syntax
# https://docs.gitlab.com/ce/ci/yaml/#shallow-cloning
#variables:
# GIT_DEPTH: "10"
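Review bot: the `git checkout master` and `git pull` steps under `script:` make the job run `make check-syntax` against the current tip of master rather than the commit that triggered the pipeline, so a syntax error pushed on another branch would not fail this job, and two runs for the same commit can check different trees. Consider dropping both lines so the check runs on the ref the runner has already checked out, or checking out `$CI_COMMIT_SHA` explicitly if a named ref is needed.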
[25 May 2018] DLA-1384-1 xdg-utils - security update
{CVE-2017-18266}
[wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u4
[25 May 2018] DLA-1383-1 xen - security update
{CVE-2018-8897 CVE-2018-10981 CVE-2018-10982}
[wheezy] - xen 4.1.6.lts1-14
[25 May 2018] DLA-1382-1 thunderbird - security update
{CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185}
[wheezy] - thunderbird 1:52.8.0-1~deb7u1
[23 May 2018] DLA-1381-1 imagemagick - security update
{CVE-2017-18271 CVE-2017-18273 CVE-2018-11251}
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u22
[18 May 2018] DLA-1380-1 libmad - security update
{CVE-2017-8372 CVE-2017-8373 CVE-2017-8374}
[wheezy] - libmad 0.15.1b-7+deb7u1
[16 May 2018] DLA-1379-1 curl - security update
{CVE-2018-1000301}
[wheezy] - curl 7.26.0-1+wheezy25+deb7u1
[13 May 2018] DLA-1378-1 tiff3 - security update
{CVE-2018-8905}
[wheezy] - tiff3 3.9.6-11+deb7u11
[13 May 2018] DLA-1377-1 tiff - security update
{CVE-2018-8905}
[wheezy] - tiff 4.0.2-6+deb7u20
[11 May 2018] DLA-1376-1 firefox-esr - security update
{CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183}
[wheezy] - firefox-esr 52.8.0esr-1~deb7u1
......
[25 May 2018] DSA-4210-1 xen - security update
{CVE-2018-3639}
[stretch] - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
[25 May 2018] DSA-4209-1 thunderbird - security update
{CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185}
[jessie] - thunderbird 1:52.8.0-1~deb8u1
[stretch] - thunderbird 1:52.8.0-1~deb9u1
[22 May 2018] DSA-4208-1 procps - security update
{CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126}
[jessie] - procps 2:3.3.9-9+deb8u1
[stretch] - procps 2:3.3.12-3+deb9u1
[22 May 2018] DSA-4207-1 packagekit - security update
{CVE-2018-1106}
[stretch] - packagekit 1.1.5-2+deb9u1
[21 May 2018] DSA-4206-1 gitlab - security update
{CVE-2017-0920 CVE-2018-8971}
[stretch] - gitlab 8.13.11+dfsg1-8+deb9u2
[18 Apr 2018] DSA-4205-1 jessie end-of-life
NOTE: end of security support for jessie
[18 May 2018] DSA-4204-1 imagemagick - security update
{CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248}
[jessie] - imagemagick 8:6.8.9.9-5+deb8u12
[17 May 2018] DSA-4203-1 vlc - security update
{CVE-2017-17670}
[stretch] - vlc 3.0.2-0+deb9u1
[16 May 2018] DSA-4202-1 curl - security update
{CVE-2018-1000301}
[jessie] - curl 7.38.0-4+deb8u11
[stretch] - curl 7.52.1-5+deb9u6
[15 May 2018] DSA-4201-1 xen - security update
{CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982}
[stretch] - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[14 May 2018] DSA-4200-1 kwallet-pam - security update
{CVE-2018-10380}
[stretch] - kwallet-pam 5.8.4-1+deb9u2
[10 May 2018] DSA-4199-1 firefox-esr - security update
{CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183}
[jessie] - firefox-esr 52.8.0esr-1~deb8u1
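Review bot: the DSA-4205-1 "jessie end-of-life" entry is dated [18 Apr 2018] but sits between DSA-4206-1 ([21 May 2018]) and DSA-4204-1 ([18 May 2018]), while every other entry in this hunk is in descending date order. Please confirm whether the date should read 18 May 2018; anything that sorts or filters advisories by the bracketed date will misplace this one otherwise.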
......@@ -649,7 +684,7 @@
[jessie] - otrs2 3.3.18-1+deb8u1
[stretch] - otrs2 5.0.16-1+deb9u2
[05 Nov 2017] DSA-4020-1 chromium-browser - security update
{CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396}
{CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-15406}
[stretch] - chromium-browser 62.0.3202.75-1~deb9u1
[05 Nov 2017] DSA-4019-1 imagemagick - security update
{CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434 CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145}
......@@ -925,7 +960,7 @@
{CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605 CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363 CVE-2017-1000365}
[jessie] - linux 3.16.43-2+deb8u3
[17 Aug 2017] DSA-3944-1 mariadb-10.0 - security update
{CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653}
{CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10286 CVE-2017-10379 CVE-2017-10384}
[jessie] - mariadb-10.0 10.0.32-0+deb8u1
[14 Aug 2017] DSA-3943-1 gajim - security update
{CVE-2016-10376}
......
......@@ -12,18 +12,14 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
apache2 (Roberto C. Sánchez)
--
blender
NOTE: 20180511: The question is whether it is worth the effort to fix the problem. The package is
NOTE: 20180511: clearly vulnerable and the vulnerability is rather severe (code execution) but
NOTE: 20180511: the likelihood of possible exploit in practice is quite small. Sent a mail to the
NOTE: 20180511: whole team for advice. (ola)
--
cups (Thorsten Alteholz)
NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent (alteholz)
--
glusterfs (Markus Koschany)
NOTE: 20180419: Maintainer not contacted yet because issue is too new. Patch
NOTE: 20180419: does not apply cleanly in Wheezy. (apo)
enigmail (Abhijith PA)
--
firefox-esr (Emilio Pozuelo)
NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL.
NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
--
krb5 (Thorsten Alteholz)
NOTE: 20180131: lts-do-not-call
......@@ -31,8 +27,7 @@ krb5 (Thorsten Alteholz)
NOTE: 20180411: See also https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local (anarcat)
--
lame (Hugo Lefeuvre)
NOTE: 20180317: Patch available and tested. However I am probably not going to upload it since the security team is not
NOTE: interested in patching Jessie and I evaluate regression risks as non negligible.
NOTE: 20180515: Patch available and tested. Will coordinate with Fabian to provide Wheezy and Jessie uploads for the next Jessie point release.
--
libav (Hugo Lefeuvre)
NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
......@@ -40,31 +35,22 @@ libav (Hugo Lefeuvre)
NOTE: 20180118: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: 20180118: Help is welcome, feel free to mail Hugo.
--
libmad (Kurt Roeckx)
--
libspring-java
NOTE: 20180510: The package need further investiation. It may be so that the package is not vulnerable as it is so old. It has not been checked. (ola)
NOTE: 20180510: The package was added here due to the vulnerability description only. (ola)
--
linux
--
ming (Hugo Lefeuvre)
NOTE: 20180317: wip, currently working on it with upstream. Since I have to write all patches by myself, it might take a while.
NOTE: 20180515: wip, currently working on it with upstream. Lots of fuzzing noise,
NOTE: many duplicate issues. Currently working on the next upload which will fix a
NOTE: batch of 5-6 CVEs.
--
openjdk-7 (Emilio Pozuelo)
--
phpmyadmin (Emilio Pozuelo)
--
tiff (Hugo Lefeuvre)
NOTE: 20180419: CVE-2018-8905 not reproducibple in Wheezy/Jessie/Stretch (Buster only),
NOTE: 20180419: but affected code seems to be present. I'm investigating the issue and will try
NOTE: 20180419: to submit a patch asap. Please refer to bug tracker for more info.
procps (Abhijith PA)
--
tiff3 (Hugo Lefeuvre)
tiff
--
wireshark (Thorsten Alteholz)
--
xdg-utils (Abhijith PA)
tiff3
--
xen (Emilio Pozuelo)
wireshark (Thorsten Alteholz)
--
......@@ -21,34 +21,30 @@ chromium-browser
--
dokuwiki/oldstable
--
enigmail
--
ffmpeg/stable
Wait for next 3.2.x release
--
gitlab
Pirate Praveen will prepare updates
--
glusterfs
--
graphicsmagick
--
imagemagick
Wait until more issues have piled up
--
knot-resolver
--
kwallet-pam (jmm)
Maximilliano Curia (maxy) proposed debdiff for update
Original update is creating several regressions, e.g. #897687
should not be released without followup fix.
--
libav/oldstable
We can ship the next libav 11.x point release when available
--
libidn
santiago will prepare update
--
linux
Wait until more issues have piled up
--
mariadb-10.0/oldstable
--
mariadb-10.1/stable
--
mercurial
--
mosquitto (seb)
......@@ -58,9 +54,6 @@ openjdk-7/oldstable (jmm)
--
openjpeg2 (luciano)
--
packagekit
Matthias Klumpp (mak) proposed debdiff for CVE-2018-1106
--
passenger/stable
--
php5/oldstable
......@@ -89,11 +82,9 @@ tomcat7/oldstable
tomcat8 (seb)
2018-04-11: Emmanuel Bourg submitted a debdiff
--
vlc (jmm)
--
wavpack (jmm)
wireshark (jmm)
--
xen
xdg-utils (luciano)
--
zendframework/oldstable
--
......@@ -127,3 +127,5 @@ CVE-2018-10194
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
CVE-2016-10317
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
CVE-2018-10689
[jessie] - blktrace 1.0.5-1+deb8u1
......@@ -91,3 +91,7 @@ CVE-2017-9257
[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
CVE-2018-10017
[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
CVE-2018-1302
[stretch] - apache2 2.4.25-3+deb9u5
CVE-2018-10689
[stretch] - blktrace 1.1.0-2+deb9u1
......@@ -18,7 +18,7 @@ From 23-04 to 29-04: fw
From 30-04 to 06-05: seb
From 07-05 to 13-05: jmm
From 14-05 to 20-05: carnil
From 21-05 to 27-05: luciano
From 21-05 to 27-05: (luciano)
From 28-05 to 03-06: gilbert
From 04-06 to 10-06: geissert
From 11-06 to 17-06: corsac
......