[Secure-testing-commits] r51347 - data/CVE

2017-05-05 Thread Henri Salo
Author: fgeek-guest
Date: 2017-05-05 06:21:06 + (Fri, 05 May 2017)
New Revision: 51347

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-05-05 05:16:00 UTC (rev 51346)
+++ data/CVE/list   2017-05-05 06:21:06 UTC (rev 51347)
@@ -13728,6 +13728,7 @@
RESERVED
 CVE-2017-3882
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) 
...)
NOT-FOR-US: Cisco
 CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings 
Server ...)
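
Review bot: the `NOT-FOR-US: Cisco` line added under CVE-2017-3882 tags an entry that is still `RESERVED` and has no description in this file, so the vendor attribution cannot be checked from the list itself. Consider adding a `NOTE:` with the advisory that ties this id to Cisco, so the classification can be re-verified once the description is published.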
@@ -13740,12 +13741,14 @@
NOT-FOR-US: Cisco
 CVE-2017-3876
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in 
certain ...)
NOT-FOR-US: Cisco
 CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
NOT-FOR-US: Cisco
 CVE-2017-3873
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the 
...)
NOT-FOR-US: Cisco
 CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network 
management ...)
@@ -13842,6 +13845,7 @@
NOT-FOR-US: Cisco
 CVE-2017-3825
RESERVED
+   NOT-FOR-US: Cisco
 CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR 
Series ...)
NOT-FOR-US: Cisco
 CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 
1.0.7 on ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r51341 - data/CVE

2017-05-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-05-05 03:41:08 + (Fri, 05 May 2017)
New Revision: 51341

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-05-04 21:10:12 UTC (rev 51340)
+++ data/CVE/list   2017-05-05 03:41:08 UTC (rev 51341)
@@ -11385,7 +11385,7 @@
 CVE-2017-4984
RESERVED
 CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 
before ...)
-   TODO: check
+   NOT-FOR-US: EMC Data Domain OS
 CVE-2017-4982
RESERVED
 CVE-2017-4981




[Secure-testing-commits] r51317 - data/CVE

2017-05-03 Thread Henri Salo
Author: fgeek-guest
Date: 2017-05-04 03:12:25 + (Thu, 04 May 2017)
New Revision: 51317

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-05-03 21:10:11 UTC (rev 51316)
+++ data/CVE/list   2017-05-04 03:12:25 UTC (rev 51317)
@@ -7360,6 +7360,7 @@
NOT-FOR-US: EyesOfNetwork
 CVE-2017-6086
RESERVED
+   NOT-FOR-US: ViMbAdmin
 CVE-2017-6085
RESERVED
 CVE-2017-6084
@@ -8096,6 +8097,7 @@
RESERVED
 CVE-2017-5870
RESERVED
+   NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in 
Nuxeo ...)
NOT-FOR-US: Nuxeo
 CVE-2017-5868




[Secure-testing-commits] r51249 - data/CVE

2017-05-01 Thread Henri Salo
Author: fgeek-guest
Date: 2017-05-01 20:10:47 + (Mon, 01 May 2017)
New Revision: 51249

Modified:
   data/CVE/list
Log:
CVE-2017-8372/libmad

Modified: data/CVE/list
===
--- data/CVE/list   2017-05-01 17:58:44 UTC (rev 51248)
+++ data/CVE/list   2017-05-01 20:10:47 UTC (rev 51249)
@@ -26,7 +26,9 @@
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b ...)
- libmad 
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b, ...)
-   - libmad 
+   - libmad 
+   NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
+   NOTE: No assertion failure with reproducer
 CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 
uses ...)
NOT-FOR-US: Schneider Electric
 CVE-2017-8370
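
Review bot: `NOTE: No assertion failure with reproducer` under CVE-2017-8372 does not say which libmad version or Debian release the reproducer was run against, so the result cannot be repeated or compared later. Add the tested version to the note, and check whether CVE-2017-8373 just above, described with the same `mad_layer_III` function, needs a matching reference.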




[Secure-testing-commits] r51215 - data/CVE

2017-04-30 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-30 21:38:17 + (Sun, 30 Apr 2017)
New Revision: 51215

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 19:23:55 UTC (rev 51214)
+++ data/CVE/list   2017-04-30 21:38:17 UTC (rev 51215)
@@ -7110,10 +7110,13 @@
RESERVED
 CVE-2017-5806
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5805
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5804
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5803
RESERVED
 CVE-2017-5802
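
Review bot: the hunk tags CVE-2017-5806, CVE-2017-5805 and CVE-2017-5804 as HPE Intelligent Management Center but leaves CVE-2017-5803 directly below as bare `RESERVED`. None of these entries has a description here, so it is worth confirming against the vendor advisory that the range really stops at 5804, and adding a `NOTE:` with that advisory so the cut-off is documented.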




[Secure-testing-commits] r50937 - in data: . CVE

2017-04-23 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-23 06:33:44 + (Sun, 23 Apr 2017)
New Revision: 50937

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
libbpg is embedded in ffmpeg

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-23 06:02:53 UTC (rev 50936)
+++ data/CVE/list   2017-04-23 06:33:44 UTC (rev 50937)
@@ -15910,6 +15910,7 @@
 CVE-2017-2575 [NULL pointer dereference in image_alloc]
RESERVED
NOT-FOR-US: libbpg
+   NOTE: The libbpg library is not packaged in Debian but seem embedded in 
ffmpeg
 CVE-2017-2574
RESERVED
 CVE-2017-2573
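
Review bot: the added NOTE under CVE-2017-2575 says libbpg is embedded in ffmpeg, yet the entry keeps `NOT-FOR-US: libbpg`. If a packaged source really carries the affected `image_alloc` code, the entry should track that source package rather than stay NOT-FOR-US; if it does not, the note should say why the embedding is not relevant. The wording "seem embedded" should also read "seems to be embedded".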

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2017-04-23 06:02:53 UTC (rev 50936)
+++ data/embedded-code-copies   2017-04-23 06:33:44 UTC (rev 50937)
@@ -376,6 +376,7 @@
- audacity 1.3.7-2 (embed; bug #512278)
- chromium-browser 44.0.2403.157-1 (fork; bug #763632)
- libav 
+   - libbpg  (embed)
 
 faad2
- mplayer 1.0~rc2-20 (embed)
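
Review bot: the added `- libbpg  (embed)` line sits among the packages that carry a copy (compare `faad2` / `- mplayer 1.0~rc2-20 (embed)` just below), so it records libbpg as the embedder, while the log message and the NOTE added to data/CVE/list say libbpg is embedded in ffmpeg. Please confirm which direction is meant and make the log, the NOTE and this entry agree.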




[Secure-testing-commits] r50934 - data/CVE

2017-04-22 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-23 04:32:31 + (Sun, 23 Apr 2017)
New Revision: 50934

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-22 20:19:28 UTC (rev 50933)
+++ data/CVE/list   2017-04-23 04:32:31 UTC (rev 50934)
@@ -15910,8 +15910,9 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
 CVE-2017-2577
REJECTED
-CVE-2017-2575
+CVE-2017-2575 [NULL pointer dereference in image_alloc]
RESERVED
+   NOT-FOR-US: libbpg
 CVE-2017-2574
RESERVED
 CVE-2017-2573




[Secure-testing-commits] r50589 - data/CVE

2017-04-11 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-12 05:09:31 + (Wed, 12 Apr 2017)
New Revision: 50589

Modified:
   data/CVE/list
Log:
cleanup

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-12 04:38:22 UTC (rev 50588)
+++ data/CVE/list   2017-04-12 05:09:31 UTC (rev 50589)
@@ -81,9 +81,9 @@
 CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key 
across ...)
NOT-FOR-US: Foscam
 CVE-2017-7647 (SolarWinds Log  Event Manager (LEM) before 6.3.1 Hotfix 4 
allows an ...)
-   NOT-FOR-US:  SolarWinds
+   NOT-FOR-US: SolarWinds
 CVE-2017-7646 (SolarWinds Log  Event Manager (LEM) before 6.3.1 Hotfix 4 
allows an ...)
-   NOT-FOR-US:  SolarWinds
+   NOT-FOR-US: SolarWinds
 CVE-2017-7645
RESERVED
 CVE-2017-7644
@@ -1522,7 +1522,7 @@
NOT-FOR-US: imdbphp
 CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder 
1.30.2. The ...)
- zoneminder  (bug #858329)
-   NOTE:  https://github.com/ZoneMinder/ZoneMinder/issues/1797
+   NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
 CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 
Cendana ...)
NOT-FOR-US: SLiMS
 CVE-2017-7201
@@ -4803,7 +4803,7 @@
 CVE-2017-5965
RESERVED
 CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The 
vulnerability ...)
-   NOT-FOR-US:  Emoncms
+   NOT-FOR-US: Emoncms
 CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The 
...)
NOT-FOR-US: Typo3 extension
 CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 
0.4.2. The ...)
@@ -10575,7 +10575,7 @@
 CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 
15.08.13, ...)
- slurm-llnl 16.05.8-1 (bug #850491)
[jessie] - slurm-llnl  (Minor issue)
-   NOTE:  https://www.schedmd.com/news.php?id=178
+   NOTE: https://www.schedmd.com/news.php?id=178
NOTE: 
https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
 CVE-2017-3894
RESERVED
@@ -10742,7 +10742,7 @@
 CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco 
...)
NOT-FOR-US: Cisco
 CVE-2017-3812 (A vulnerability in the implementation of Common Industrial 
Protocol ...)
-   NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches
+   NOT-FOR-US: Cisco Industrial Ethernet 2000 Series Switches
 CVE-2017-3811 (An XML External Entity vulnerability in Cisco WebEx Meetings 
Server ...)
NOT-FOR-US: Cisco
 CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service 
Catalog ...)
@@ -25653,7 +25653,7 @@
{DLA-684-1}
- libx11 2:1.6.4-1 (low; bug #840439)
[jessie] - libx11  (Minor issue, will be fixed in a point 
release)
-   NOTE:  
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
+   NOTE: 
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
 CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow 
remote ...)
{DLA-684-1}
- libx11 2:1.6.4-1 (low; bug #840439)
@@ -27972,7 +27972,7 @@
 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM 
guest OS ...)
{DSA-3663-1 DLA-614-1}
- xen 4.8.0~rc3-1
-   NOTE:  http://xenbits.xen.org/xsa/advisory-187.html
+   NOTE: http://xenbits.xen.org/xsa/advisory-187.html
 CVE-2016-7093 (Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS 
administrators to ...)
- xen  (Affects only 4.7.0 and later; 4.6.3 and 4.5.3)
NOTE: http://xenbits.xen.org/xsa/advisory-186.html
@@ -35576,7 +35576,7 @@
- gimp 2.8.16-2.2 (bug #828179)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
 CVE-2016-4993 (CRLF injection vulnerability in the Undertow web server in 
WildFly ...)
-   NOT-FOR-US:  JBoss Enterprise Application Platform
+   NOT-FOR-US: JBoss Enterprise Application Platform
 CVE-2016-4992 [Information disclosure via repeated use of LDAP ADD operation]
RESERVED
- 389-ds-base 1.3.5.13-1




[Secure-testing-commits] r50453 - data/CVE

2017-04-07 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-07 21:30:18 + (Fri, 07 Apr 2017)
New Revision: 50453

Modified:
   data/CVE/list
Log:
typofix

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-07 21:13:52 UTC (rev 50452)
+++ data/CVE/list   2017-04-07 21:30:18 UTC (rev 50453)
@@ -57,7 +57,7 @@
 CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware 
update SMC ...)
NOT-FOR-US: ARM
 CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in 
ClipBucket ...)
-   NOT-FOR-US: ClipBucker
+   NOT-FOR-US: ClipBucket
 CVE-2016-1000306
REJECTED
 CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 
0.4.7 allow ...)




[Secure-testing-commits] r49626 - data/CVE

2017-03-13 Thread Henri Salo
Author: fgeek-guest
Date: 2017-03-13 08:13:41 + (Mon, 13 Mar 2017)
New Revision: 49626

Modified:
   data/CVE/list
Log:
new profanity issue

Modified: data/CVE/list
===
--- data/CVE/list   2017-03-13 06:22:42 UTC (rev 49625)
+++ data/CVE/list   2017-03-13 08:13:41 UTC (rev 49626)
@@ -1,3 +1,6 @@
+CVE-2017- [Server certificates are not verified]
+   - profanity  (bug #857546)
+   NOTE: https://github.com/boothj5/profanity/issues/280
 CVE-2017- [irssi use after free condition during netjoin processing]
- irssi 1.0.2-1 (bug #857502)
[jessie] - irssi  (Different code path caused the 
netjoins to be flushed prior reaching use-after-free condition)




[Secure-testing-commits] r49587 - data/CVE

2017-03-11 Thread Henri Salo
Author: fgeek-guest
Date: 2017-03-11 10:55:29 + (Sat, 11 Mar 2017)
New Revision: 49587

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-03-11 10:39:46 UTC (rev 49586)
+++ data/CVE/list   2017-03-11 10:55:29 UTC (rev 49587)
@@ -2656,6 +2656,7 @@
RESERVED
 CVE-2017-5796
RESERVED
+   NOT-FOR-US: HPE 2620 Series Network Switches
 CVE-2017-5795
RESERVED
 CVE-2017-5794
@@ -2666,6 +2667,7 @@
RESERVED
 CVE-2017-5791
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5790
RESERVED
 CVE-2017-5789




Bug#809365: update

2017-02-28 Thread Henri Salo
This has now been fixed in upstream.

-- 
Henri Salo




___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel


[Secure-testing-commits] r49234 - data/CVE

2017-02-26 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-26 11:10:21 + (Sun, 26 Feb 2017)
New Revision: 49234

Modified:
   data/CVE/list
Log:
pax-utils scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-26 10:11:39 UTC (rev 49233)
+++ data/CVE/list   2017-02-26 11:10:21 UTC (rev 49234)
@@ -1,3 +1,6 @@
+CVE-2017- [scanelf: out of bounds read in scanelf_file_get_symtabs 
(scanelf.c)]
+   - pax-utils 
+   NOTE: 
https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
 CVE-2017-6321
RESERVED
 CVE-2017-6320
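
Review bot: the new `- pax-utils` line carries no Debian bug reference, and the only pointer is the external blog NOTE. Other newly added entries on this list record a BTS number next to the package (for example `- munin  (bug #855705)`); filing a bug and adding `(bug #...)` here would give the maintainer a tracked item for the `scanelf_file_get_symtabs` out-of-bounds read.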




[Secure-testing-commits] r49116 - data/CVE

2017-02-22 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-22 08:02:20 + (Wed, 22 Feb 2017)
New Revision: 49116

Modified:
   data/CVE/list
Log:
munin local write vulnerability

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-22 05:45:55 UTC (rev 49115)
+++ data/CVE/list   2017-02-22 08:02:20 UTC (rev 49116)
@@ -1,3 +1,6 @@
+CVE-2017- [munin-cgi-graph local file write vulnerability]
+   - munin  (bug #855705)
+   NOTE: https://github.com/munin-monitoring/munin/issues/721
 CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
NOT-FOR-US: DIGISOL DG-HR1400 Wireless Router
 CVE-2017-6126




[Secure-testing-commits] r49042 - data/CVE

2017-02-18 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-18 09:52:47 + (Sat, 18 Feb 2017)
New Revision: 49042

Modified:
   data/CVE/list
Log:
fix source package name

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-18 09:10:20 UTC (rev 49041)
+++ data/CVE/list   2017-02-18 09:52:47 UTC (rev 49042)
@@ -29,7 +29,7 @@
 CVE-2016-10226
RESERVED
 CVE-2017- [saned: SANE_NET_CONTROL_OPTION response packet may contain 
memory contents of the server]
-   - sane-utils  (bug #854804)
+   - sane-backends  (bug #854804)
 CVE-2017-6061
RESERVED
 CVE-2017-6060




Bug#855142: security bug closed without fix

2017-02-15 Thread Henri Salo
Shouldn't this be closed AFTER the fix is available? Especially since this is a
security issue.

-- 
Henri Salo






[Secure-testing-commits] r48989 - data/CVE

2017-02-15 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-16 06:22:04 + (Thu, 16 Feb 2017)
New Revision: 48989

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-16 06:15:33 UTC (rev 48988)
+++ data/CVE/list   2017-02-16 06:22:04 UTC (rev 48989)
@@ -1356,6 +1356,7 @@
RESERVED
 CVE-2017-5586
RESERVED
+   NOT-FOR-US: OpenText Documentum D2
 CVE-2017-5585
RESERVED
NOT-FOR-US: OpenText Documentum Content Server




[Secure-testing-commits] r48988 - data/CVE

2017-02-15 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-16 06:15:33 + (Thu, 16 Feb 2017)
New Revision: 48988

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-16 06:13:18 UTC (rev 48987)
+++ data/CVE/list   2017-02-16 06:15:33 UTC (rev 48988)
@@ -1358,6 +1358,7 @@
RESERVED
 CVE-2017-5585
RESERVED
+   NOT-FOR-US: OpenText Documentum Content Server
 CVE-2017-5584
RESERVED
 CVE-2017-5583




[Secure-testing-commits] r48987 - data/CVE

2017-02-15 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-16 06:13:18 + (Thu, 16 Feb 2017)
New Revision: 48987

Modified:
   data/CVE/list
Log:
CVE-2017-2627

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-16 06:11:41 UTC (rev 48986)
+++ data/CVE/list   2017-02-16 06:13:18 UTC (rev 48987)
@@ -9364,8 +9364,10 @@
RESERVED
 CVE-2017-2628
RESERVED
-CVE-2017-2627
+CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
RESERVED
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
+   TODO: check
 CVE-2017-2626
RESERVED
 CVE-2017-2625
@@ -9376,7 +9378,7 @@
RESERVED
 CVE-2017-2622 [openstack-mistral: /var/log/mistral/ is world readable]
RESERVED
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
TODO: check
 CVE-2017-2621 [/var/log/heat/ is world readable]
RESERVED




[Secure-testing-commits] r48986 - data/CVE

2017-02-15 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-16 06:11:41 + (Thu, 16 Feb 2017)
New Revision: 48986

Modified:
   data/CVE/list
Log:
CVE-2017-2622

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-16 06:10:33 UTC (rev 48985)
+++ data/CVE/list   2017-02-16 06:11:41 UTC (rev 48986)
@@ -9374,8 +9374,10 @@
RESERVED
 CVE-2017-2623
RESERVED
-CVE-2017-2622
+CVE-2017-2622 [openstack-mistral: /var/log/mistral/ is world readable]
RESERVED
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622
+   TODO: check
 CVE-2017-2621 [/var/log/heat/ is world readable]
RESERVED
- heat 
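
Review bot: the added NOTE links to `show_bug.cgi?id=CVE-2017-2622`, which relies on the CVE alias resolving in Bugzilla rather than on a fixed bug number. Use the numeric bug id in the URL so the reference stays stable; r48987 makes exactly this change, replacing it with `id=1420992`.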




[Secure-testing-commits] r48942 - data/CVE

2017-02-14 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-15 07:50:35 + (Wed, 15 Feb 2017)
New Revision: 48942

Modified:
   data/CVE/list
Log:
CVE-2017-5982/kodi

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-14 22:17:49 UTC (rev 48941)
+++ data/CVE/list   2017-02-15 07:50:35 UTC (rev 48942)
@@ -13,8 +13,10 @@
RESERVED
 CVE-2017-5983
RESERVED
-CVE-2017-5982
+CVE-2017-5982 [local file inclusion]
RESERVED
+   - kodi 
+   NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
 CVE-2017-5681
RESERVED
 CVE-2017- [tomcat DoS via infinite loop in HTTPS request processing]
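
Review bot: the bracketed description added for CVE-2017-5982, `[local file inclusion]`, names neither the software nor the affected component, unlike the neighbouring `[tomcat DoS via infinite loop in HTTPS request processing]`. Since the entry is still `RESERVED` and will not get an official description for a while, something like `[kodi: local file inclusion ...]` with the affected interface would make the line searchable on its own.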




[Secure-testing-commits] r48912 - data/CVE

2017-02-14 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-14 09:31:22 + (Tue, 14 Feb 2017)
New Revision: 48912

Modified:
   data/CVE/list
Log:
fix typo

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-14 09:25:22 UTC (rev 48911)
+++ data/CVE/list   2017-02-14 09:31:22 UTC (rev 48912)
@@ -342,11 +342,11 @@
- irssi 
[jessie] - irssi  (support for sasl not present)
[wheezy] - irssi  (support for sasl not present)
-   NOTE: Patch: Patch: 
https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
+   NOTE: Patch: 
https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2017- [irssi missing null terminator]
- irssi  (unimportant)
-   NOTE: Patch: Patch: 
https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
+   NOTE: Patch: 
https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2016-10206
RESERVED




[Secure-testing-commits] r48873 - data/CVE

2017-02-12 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-13 04:58:17 + (Mon, 13 Feb 2017)
New Revision: 48873

Modified:
   data/CVE/list
Log:
CVE-2017-5969/libxml2

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-13 04:37:46 UTC (rev 48872)
+++ data/CVE/list   2017-02-13 04:58:17 UTC (rev 48873)
@@ -4,8 +4,8 @@
RESERVED
 CVE-2017-5969 [null pointer dereference when parsing a xml file using recover 
mode]
RESERVED
-   - libxml2 
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/05/3
+   - libxml2  (bug #855001)
+   NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 CVE-2017-5968
RESERVED
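
Review bot: the rewritten oss-security NOTE drops its `CVE Request:` label while the next line keeps `Upstream bug:`, so the two references under CVE-2017-5969 are now labelled inconsistently and the reader can no longer tell what the openwall link is. Either keep a short label on the first NOTE or say in the log why it was removed.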




Bug#855001: CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode

2017-02-12 Thread Henri Salo
Package: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: security, upstream

https://bugzilla.gnome.org/show_bug.cgi?id=778519
http://www.openwall.com/lists/oss-security/2016/11/05/3

-- 
Henri Salo



[Secure-testing-commits] r48872 - data/CVE

2017-02-12 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-13 04:37:46 + (Mon, 13 Feb 2017)
New Revision: 48872

Modified:
   data/CVE/list
Log:
CVE-2017-5969/libxml2

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-13 04:32:51 UTC (rev 48871)
+++ data/CVE/list   2017-02-13 04:37:46 UTC (rev 48872)
@@ -2,8 +2,11 @@
RESERVED
 CVE-2017-5970
RESERVED
-CVE-2017-5969
+CVE-2017-5969 [null pointer dereference when parsing a xml file using recover 
mode]
RESERVED
+   - libxml2 
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/05/3
+   NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 CVE-2017-5968
RESERVED
 CVE-2017-5967
@@ -22,10 +25,6 @@
TODO: check
 CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The 
vulnerability ...)
TODO: check
-CVE-2017- [null pointer dereference when parsing a xml file using recover 
mode]
-   - libxml2 
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/05/3
-   NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 CVE-2017- [use-after-free in fz_subsample_pixmap (pixmap.c)]
- mupdf 
NOTE: Fix 
http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27




[Secure-testing-commits] r48852 - data/CVE

2017-02-11 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-12 07:29:42 + (Sun, 12 Feb 2017)
New Revision: 48852

Modified:
   data/CVE/list
Log:
libxml2 null pointer dereference when parsing a xml file using recover mode

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-11 12:01:43 UTC (rev 48851)
+++ data/CVE/list   2017-02-12 07:29:42 UTC (rev 48852)
@@ -1,3 +1,7 @@
+CVE-2017- [null pointer dereference when parsing a xml file using recover 
mode]
+   - libxml2 
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/05/3
+   NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 CVE-2017- [use-after-free in fz_subsample_pixmap (pixmap.c)]
- mupdf 
NOTE: Fix 
http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27




[Secure-testing-commits] r48851 - data/CVE

2017-02-11 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-11 12:01:43 + (Sat, 11 Feb 2017)
New Revision: 48851

Modified:
   data/CVE/list
Log:
CVE-2016-8636/linux

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-11 11:46:40 UTC (rev 48850)
+++ data/CVE/list   2017-02-11 12:01:43 UTC (rev 48851)
@@ -17749,8 +17749,11 @@
[wheezy] - dracut  (Introduced in 030 upstream)
NOTE: Fixed by: 
http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
NOTE: Introduced by: 
http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
 (030)
-CVE-2016-8636
+CVE-2016-8636 [mem_check_range integer overflow]
RESERVED
+   - linux 
+   NOTE: Fix 
https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
+   TODO: check
 CVE-2016-8635 [small-subgroups attack flaw]
RESERVED
- nss 2:3.25-1
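
Review bot: the new CVE-2016-8636 entry records only the fix commit, and `[mem_check_range integer overflow]` does not name the kernel subsystem, so the open `TODO: check` gives no starting point for deciding which Debian kernels are affected. The dracut entry in the context above shows the useful pattern with both `Fixed by:` and `Introduced by:` notes; adding the subsystem to the description and the introducing commit as a NOTE would let the TODO be closed.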


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r48848 - data/CVE

2017-02-11 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-11 09:58:13 + (Sat, 11 Feb 2017)
New Revision: 48848

Modified:
   data/CVE/list
Log:
mupdf use-after-free in fz_subsample_pixmap (pixmap.c)

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-11 09:10:14 UTC (rev 48847)
+++ data/CVE/list   2017-02-11 09:58:13 UTC (rev 48848)
@@ -1,3 +1,7 @@
+CVE-2017- [use-after-free in fz_subsample_pixmap (pixmap.c)]
+   - mupdf 
+   NOTE: Fix 
http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+   NOTE: 
https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
 CVE-2017-5959
RESERVED
 CVE-2017-5958




[Secure-testing-commits] r48771 - data/CVE

2017-02-08 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-08 15:10:48 + (Wed, 08 Feb 2017)
New Revision: 48771

Modified:
   data/CVE/list
Log:
CVE-2017-5932/bash

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-08 13:30:14 UTC (rev 48770)
+++ data/CVE/list   2017-02-08 15:10:48 UTC (rev 48771)
@@ -1,5 +1,8 @@
-CVE-2017-5932
+CVE-2017-5932 [code execution in autocompletion]
RESERVED
+   - bash 
+   NOTE: 
https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
+   NOTE: Fix 
http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
 CVE-2017-5931
RESERVED
- qemu 




[Secure-testing-commits] r48770 - data/CVE

2017-02-08 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-08 13:30:14 + (Wed, 08 Feb 2017)
New Revision: 48770

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-08 10:25:49 UTC (rev 48769)
+++ data/CVE/list   2017-02-08 13:30:14 UTC (rev 48770)
@@ -8793,6 +8793,7 @@
NOT-FOR-US: EMC Documentum eRoom
 CVE-2017-2765
RESERVED
+   NOT-FOR-US: EMC Isilon InsightIQ
 CVE-2017-2764
RESERVED
 CVE-2017-2763




[Secure-testing-commits] r48746 - data/CVE

2017-02-06 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-07 07:07:15 + (Tue, 07 Feb 2017)
New Revision: 48746

Modified:
   data/CVE/list
Log:
CVE-2017-5677

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-07 07:02:18 UTC (rev 48745)
+++ data/CVE/list   2017-02-07 07:07:15 UTC (rev 48746)
@@ -562,6 +562,7 @@
RESERVED
 CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection 
...)
TODO: check
+   NOTE: http://karmainsecurity.com/KIS-2017-01
 CVE-2017-5676
RESERVED
 CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in 
virgl_cmd_resource_unref]




[Secure-testing-commits] r48745 - data/CVE

2017-02-06 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-07 07:02:18 + (Tue, 07 Feb 2017)
New Revision: 48745

Modified:
   data/CVE/list
Log:
CVE-2017-5899/s-nail

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-07 00:55:46 UTC (rev 48744)
+++ data/CVE/list   2017-02-07 07:02:18 UTC (rev 48745)
@@ -850,7 +850,7 @@
NOTE: https://bugs.mysql.com/bug.php?id=63363
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/28/1
TODO: check, claimed to affect all MySQL 5.5, MariaDB 10.0.29 and 
10.1.21
-CVE-2017- [s-nail local root privilege escalation]
+CVE-2017-5899 [s-nail local root privilege escalation]
- s-nail 14.8.16-1 (bug #852934)
NOTE: 
https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
NOTE: 
https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160




[Secure-testing-commits] r48701 - data/CVE

2017-02-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-04 08:46:30 + (Sat, 04 Feb 2017)
New Revision: 48701

Modified:
   data/CVE/list
Log:
CVE-2017-0358/ntfs-3g PoC

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 08:45:04 UTC (rev 48700)
+++ data/CVE/list   2017-02-04 08:46:30 UTC (rev 48701)
@@ -13775,6 +13775,7 @@
RESERVED
{DSA-3780-1 DLA-815-1}
- ntfs-3g 1:2016.2.22AR.1-4
+   NOTE: PoC http://www.openwall.com/lists/oss-security/2017/02/04/1
 CVE-2017-0357 [heap buffer overflow on -tr loader]
RESERVED
- iucode-tool 2.1.1-1




[Secure-testing-commits] r48700 - data/CVE

2017-02-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-04 08:45:04 + (Sat, 04 Feb 2017)
New Revision: 48700

Modified:
   data/CVE/list
Log:
syntax

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 08:41:02 UTC (rev 48699)
+++ data/CVE/list   2017-02-04 08:45:04 UTC (rev 48700)
@@ -781,7 +781,7 @@
 CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload 
function ...)
- piwigo 
 CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 
7.2.3 ...)
-NOT-FOR-US: NetApp OnCommand Insight
+   NOT-FOR-US: NetApp OnCommand Insight
 CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 
build 13. ...)
NOT-FOR-US: eClinicalWorks
 CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 
8. This ...)
@@ -5371,19 +5371,19 @@
 CVE-2017-3825
RESERVED
 CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR 
Series ...)
-NOT-FOR-US: Cisco
+   NOT-FOR-US: Cisco
 CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 
1.0.7 on ...)
NOT-FOR-US: Cisco
 CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower 
Threat ...)
-NOT-FOR-US: Cisco Firepower Threat Defense
+   NOT-FOR-US: Cisco Firepower Threat Defense
 CVE-2017-3821
RESERVED
 CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) 
functions ...)
-NOT-FOR-US: Cisco IOS XE
+   NOT-FOR-US: Cisco IOS XE
 CVE-2017-3819
RESERVED
 CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions 
(MIME) ...)
-NOT-FOR-US: Cisco Email Security Appliances
+   NOT-FOR-US: Cisco Email Security Appliances
 CVE-2017-3817
RESERVED
 CVE-2017-3816
@@ -5391,23 +5391,23 @@
 CVE-2017-3815
RESERVED
 CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow 
an ...)
-NOT-FOR-US: Cisco Firepower System Software
+   NOT-FOR-US: Cisco Firepower System Software
 CVE-2017-3813
RESERVED
 CVE-2017-3812 (A vulnerability in the implementation of Common Industrial 
Protocol ...)
-NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches
+   NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches
 CVE-2017-3811
RESERVED
 CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service 
Catalog ...)
-NOT-FOR-US: Cisco Prime Service Catalog
+   NOT-FOR-US: Cisco Prime Service Catalog
 CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco 
Firepower ...)
-NOT-FOR-US: Cisco Firepower Management Center
+   NOT-FOR-US: Cisco Firepower Management Center
 CVE-2017-3808
RESERVED
 CVE-2017-3807
RESERVED
 CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco 
Firepower 4100 ...)
-NOT-FOR-US: Cisco Firepower
+   NOT-FOR-US: Cisco Firepower
 CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco 
IOS and ...)
NOT-FOR-US: Cisco IOS
 CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System 
(IS-IS) ...)
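Review bot: The CVE-2017-3812 line is re-indented but still carries two spaces after the colon ("NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches"). Since this revision is a syntax clean-up, collapse that to a single space so the line matches the other NOT-FOR-US entries.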




[Secure-testing-commits] r48699 - data/CVE

2017-02-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-04 08:41:02 + (Sat, 04 Feb 2017)
New Revision: 48699

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 08:37:49 UTC (rev 48698)
+++ data/CVE/list   2017-02-04 08:41:02 UTC (rev 48699)
@@ -781,7 +781,7 @@
 CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload 
function ...)
- piwigo 
 CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 
7.2.3 ...)
-   TODO: check
+NOT-FOR-US: NetApp OnCommand Insight
 CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 
build 13. ...)
NOT-FOR-US: eClinicalWorks
 CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 
8. This ...)
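Review bot: The replacement line in this hunk starts at column 0 ("+NOT-FOR-US: NetApp OnCommand Insight") while the "TODO: check" line it replaces was indented, so the new status line no longer reads as a sub-line of the CVE-2017-5600 entry. Keep the leading whitespace of the removed line when swapping TODO for NOT-FOR-US; the same applies to the other hunks of this revision.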
@@ -5371,19 +5371,19 @@
 CVE-2017-3825
RESERVED
 CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR 
Series ...)
-   TODO: check
+NOT-FOR-US: Cisco
 CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 
1.0.7 on ...)
NOT-FOR-US: Cisco
 CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower 
Threat ...)
-   TODO: check
+NOT-FOR-US: Cisco Firepower Threat Defense
 CVE-2017-3821
RESERVED
 CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) 
functions ...)
-   TODO: check
+NOT-FOR-US: Cisco IOS XE
 CVE-2017-3819
RESERVED
 CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions 
(MIME) ...)
-   TODO: check
+NOT-FOR-US: Cisco Email Security Appliances
 CVE-2017-3817
RESERVED
 CVE-2017-3816
@@ -5391,23 +5391,23 @@
 CVE-2017-3815
RESERVED
 CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow 
an ...)
-   TODO: check
+NOT-FOR-US: Cisco Firepower System Software
 CVE-2017-3813
RESERVED
 CVE-2017-3812 (A vulnerability in the implementation of Common Industrial 
Protocol ...)
-   TODO: check
+NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches
 CVE-2017-3811
RESERVED
 CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service 
Catalog ...)
-   TODO: check
+NOT-FOR-US: Cisco Prime Service Catalog
 CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco 
Firepower ...)
-   TODO: check
+NOT-FOR-US: Cisco Firepower Management Center
 CVE-2017-3808
RESERVED
 CVE-2017-3807
RESERVED
 CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco 
Firepower 4100 ...)
-   TODO: check
+NOT-FOR-US: Cisco Firepower
 CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco 
IOS and ...)
NOT-FOR-US: Cisco IOS
 CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System 
(IS-IS) ...)




[Secure-testing-commits] r48697 - data/CVE

2017-02-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-04 08:33:16 + (Sat, 04 Feb 2017)
New Revision: 48697

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 08:09:23 UTC (rev 48696)
+++ data/CVE/list   2017-02-04 08:33:16 UTC (rev 48697)
@@ -7272,9 +7272,9 @@
 CVE-2016-9874
REJECTED
 CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 
has a ...)
-   TODO: check
+   NOT-FOR-US: EMC Documentum
 CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 
has ...)
-   TODO: check
+   NOT-FOR-US: EMC Documentum
 CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, 
EMC ...)
NOT-FOR-US: EMC Isilon
 CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, 
EMC ...)
@@ -19750,7 +19750,7 @@
 CVE-2016-8007
RESERVED
 CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security 
Manager ...)
-   TODO: check
+   NOT-FOR-US: Intel Security McAfee Security Information and Event 
Management
 CVE-2016-8005
RESERVED
 CVE-2016-8004
@@ -20243,7 +20243,7 @@
 CVE-2016-7867 (Adobe Flash Player versions 23.0.0.207 and earlier, 
11.2.202.644 and ...)
NOT-FOR-US: Adobe Flash
 CVE-2016-7866 (Adobe Animate versions 15.2.1.95 and earlier have an 
exploitable memory ...)
-   TODO: check
+   NOT-FOR-US: Adobe Animate
 CVE-2016-7865 (Adobe Flash Player versions 23.0.0.205 and earlier, 
11.2.202.643 and ...)
NOT-FOR-US: Adobe Flash
 CVE-2016-7864 (Adobe Flash Player versions 23.0.0.205 and earlier, 
11.2.202.643 and ...)
@@ -20263,7 +20263,7 @@
 CVE-2016-7857 (Adobe Flash Player versions 23.0.0.205 and earlier, 
11.2.202.643 and ...)
NOT-FOR-US: Adobe Flash
 CVE-2016-7856 (Adobe DNG Converter versions 9.7 and earlier have an 
exploitable memory ...)
-   TODO: check
+   NOT-FOR-US: Adobe DNG Converter
 CVE-2016-7855 (Use-after-free vulnerability in Adobe Flash Player before 
23.0.0.205 ...)
NOT-FOR-US: Adobe Flash
 CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat 
Reader DC ...)
@@ -20420,7 +20420,7 @@
 CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote 
attackers to ...)
- git-hub 0.10.2-2 (bug #839284)
 CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the 
...)
-   TODO: check
+   NOT-FOR-US: Ubiquiti Networks UniFi
 CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
NOT-FOR-US: Exponent CMS
 CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
@@ -21165,7 +21165,7 @@
 CVE-2016-7455
RESERVED
 CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco 
dpc3941T) ...)
-   TODO: check
+   NOT-FOR-US: Technicolor TC dpc3941T
 CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
NOT-FOR-US: Exponent CMS
 CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
@@ -21434,8 +21434,10 @@
 CVE-2016-7394
RESERVED
 CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7389 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA 
GPU ...)
- nvidia-graphics-drivers 367.57-1 (bug #846331)
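Review bot: The log message says only "NFU", but this hunk adds "- nvidia-graphics-drivers" package lines under CVE-2016-7391 and CVE-2016-7390 and leaves "TODO: check" in place, which is not a NOT-FOR-US decision. Mention the nvidia-graphics-drivers change in the log, and since both descriptions refer to the "NVIDIA Windows GPU ..." component, add a NOTE saying why the Debian package is being tracked for them.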
@@ -21446,16 +21448,22 @@
[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
 CVE-2016-7388 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7387 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7386 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7385 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7384 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7383 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
+   - nvidia-graphics-drivers 
TODO: check
 CVE-2016-7382 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA 
GPU ...)
- nvidia-graphics-drivers 367.57-1 (bug #846331)
@@ -21466,6 +21474,7 @@
[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
NOTE: 

[Secure-testing-commits] r48696 - data/CVE

2017-02-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-04 08:09:23 + (Sat, 04 Feb 2017)
New Revision: 48696

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 00:18:01 UTC (rev 48695)
+++ data/CVE/list   2017-02-04 08:09:23 UTC (rev 48696)
@@ -8581,9 +8581,9 @@
 CVE-2017-2769
RESERVED
 CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
-   TODO: check
+   NOT-FOR-US: EMC Network Configuration Manager
 CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
-   TODO: check
+   NOT-FOR-US: EMC Network Configuration Manager
 CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom 
version 7.4.4 ...)
NOT-FOR-US: EMC Documentum eRoom
 CVE-2017-2765
@@ -11979,7 +11979,7 @@
 CVE-2017-1094
RESERVED
 CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a 
...)
-   TODO: check
+   NOT-FOR-US: IBM AIX
 CVE-2017-1092
RESERVED
 CVE-2017-1091
@@ -18720,7 +18720,7 @@
 CVE-2016-8218
RESERVED
 CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 
Timing ...)
-   TODO: check
+   NOT-FOR-US: EMC RSA
 CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS 
(DD OS) ...)
NOT-FOR-US: EMC
 CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for 
a ...)
@@ -18730,9 +18730,9 @@
 CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 
6.8.1, ...)
NOT-FOR-US: EMC Documentum
 CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions 
prior to ...)
-   TODO: check
+   NOT-FOR-US: EMC RSA
 CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 
6.2, EMC ...)
-   TODO: check
+   NOT-FOR-US: EMC Data Protection Advisor
 CVE-2016-8210
RESERVED
 CVE-2016-8209
@@ -18740,13 +18740,13 @@
 CVE-2016-8208
RESERVED
 CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet 
in the ...)
-   TODO: check
+   NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8206 (A Directory Traversal vulnerability in servlet 
SoftwareImageUpload in ...)
-   TODO: check
+   NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8205 (A Directory Traversal vulnerability in 
DashboardFileReceiveServlet in ...)
-   TODO: check
+   NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8204 (A Directory Traversal vulnerability in FileReceiveServlet in 
the ...)
-   TODO: check
+   NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron 
OS on ...)
NOT-FOR-US: Brocade
 CVE-2016-8202




[Secure-testing-commits] r48677 - data/CVE

2017-02-03 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-03 09:58:25 + (Fri, 03 Feb 2017)
New Revision: 48677

Modified:
   data/CVE/list
Log:
libpodofo heap-based buffer overflow

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-03 09:13:15 UTC (rev 48676)
+++ data/CVE/list   2017-02-03 09:58:25 UTC (rev 48677)
@@ -1,3 +1,6 @@
+CVE-2017- [podofo: heap-based buffer overflow in 
PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)]
+   - libpodofo 
+   NOTE: 
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
 CVE-2017-5877
RESERVED
 CVE-2017-5876




[Secure-testing-commits] r48660 - data/CVE

2017-02-02 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-02 08:43:53 + (Thu, 02 Feb 2017)
New Revision: 48660

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-02 08:20:14 UTC (rev 48659)
+++ data/CVE/list   2017-02-02 08:43:53 UTC (rev 48660)
@@ -17260,6 +17260,7 @@
RESERVED
 CVE-2016-8529
RESERVED
+   NOT-FOR-US: HPE StoreVirtual
 CVE-2016-8528
RESERVED
NOT-FOR-US: HPE Helion Eucalyptus
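Review bot: CVE-2016-8529 is still RESERVED, so nothing in the entry supports the new "NOT-FOR-US: HPE StoreVirtual" tag, and the log message ("NFU") gives no source either. Add a NOTE line with the vendor advisory reference so the classification can be checked later.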




[Secure-testing-commits] r48659 - data/CVE

2017-02-02 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-02 08:20:14 + (Thu, 02 Feb 2017)
New Revision: 48659

Modified:
   data/CVE/list
Log:
CVE-2017-5849 needs more work

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-02 08:04:03 UTC (rev 48658)
+++ data/CVE/list   2017-02-02 08:20:14 UTC (rev 48659)
@@ -22,6 +22,9 @@
NOT-FOR-US: podofo
 CVE-2017-5852
NOT-FOR-US: podofo
+CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and 
putgreytile()]
+   NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
+   TODO: check
 CVE-2017-5850
NOT-FOR-US: OpenBSD httpd
 CVE-2017-5833
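Review bot: CVE-2017-5849 is inserted between CVE-2017-5852 and CVE-2017-5850, which breaks the descending order of the surrounding entries; it belongs after CVE-2017-5850. The entry also names only the functions put1bitbwtile() and putgreytile() and has no package line, so prefix the bracketed description with the affected software so that whoever picks up the TODO does not have to open the oss-security post to find out what it is about.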




[Secure-testing-commits] r48644 - data/CVE

2017-01-31 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-01 07:15:36 + (Wed, 01 Feb 2017)
New Revision: 48644

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-01 07:15:07 UTC (rev 48643)
+++ data/CVE/list   2017-02-01 07:15:36 UTC (rev 48644)
@@ -8022,6 +8022,7 @@
RESERVED
 CVE-2017-2766
RESERVED
+   NOT-FOR-US: EMC Documentum eRoom
 CVE-2017-2765
RESERVED
 CVE-2017-2764




[Secure-testing-commits] r48643 - data/CVE

2017-01-31 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-01 07:15:07 + (Wed, 01 Feb 2017)
New Revision: 48643

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-01 07:10:34 UTC (rev 48642)
+++ data/CVE/list   2017-02-01 07:15:07 UTC (rev 48643)
@@ -42854,23 +42854,24 @@
NOTE: Possibly introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518
 (v1.6.0-rc0)
NOTE: kvmapic introduced after 1.0.50 
(http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
 CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud 
Foundry ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry 
(PCF) ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud 
Foundry ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in 
Pivotal ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Cloud Foundry
 CVE-2016-0925 (Cross-site scripting (XSS) vulnerability in the Case Management 
...)
NOT-FOR-US: EMC RSA Adaptive Authentication
 CVE-2016-0924
REJECTED
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 
before ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of ...)
-   TODO: check
+   NOT-FOR-US: EMC ViPR SRM
 CVE-2016-0921 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC 
Avamar ...)
NOT-FOR-US: EMC Avamar
 CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC 
Avamar ...)
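Review bot: The added "NOT-FOR-US: RSA BSAFE Micro Edition Suite" line under CVE-2016-0924 sits on an entry whose only status is REJECTED. A rejected ID has no product to classify, so drop that line or add a NOTE explaining where the attribution comes from; the same tag on CVE-2016-0923 is backed by its description.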




[Secure-testing-commits] r48642 - data/CVE

2017-01-31 Thread Henri Salo
Author: fgeek-guest
Date: 2017-02-01 07:10:34 + (Wed, 01 Feb 2017)
New Revision: 48642

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-01 06:46:37 UTC (rev 48641)
+++ data/CVE/list   2017-02-01 07:10:34 UTC (rev 48642)
@@ -17176,12 +17176,14 @@
RESERVED
 CVE-2016-8528
RESERVED
+   NOT-FOR-US: HPE Helion Eucalyptus
 CVE-2016-8527
RESERVED
 CVE-2016-8526
RESERVED
 CVE-2016-8525
RESERVED
+   NOT-FOR-US: HPE iMC PLAT
 CVE-2016-8524
RESERVED
 CVE-2016-8523




[Secure-testing-commits] r48590 - data/CVE

2017-01-30 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-31 06:56:25 + (Tue, 31 Jan 2017)
New Revision: 48590

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 06:16:38 UTC (rev 48589)
+++ data/CVE/list   2017-01-31 06:56:25 UTC (rev 48590)
@@ -17119,6 +17119,7 @@
RESERVED
 CVE-2016-8523
RESERVED
+   NOT-FOR-US: HP Smart Storage Administrator
 CVE-2016-8522
RESERVED
NOT-FOR-US: HPE Diagnostics




[Secure-testing-commits] r48542 - data/CVE

2017-01-29 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-29 22:50:56 + (Sun, 29 Jan 2017)
New Revision: 48542

Modified:
   data/CVE/list
Log:
CVE-2016-3189/bzip2 fixed

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-29 21:10:13 UTC (rev 48541)
+++ data/CVE/list   2017-01-29 22:50:56 UTC (rev 48542)
@@ -34459,7 +34459,7 @@
[wheezy] - cairo  (Minor issue)
NOTE: 
https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
 CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 
allows ...)
-   - bzip2  (low; bug #827744)
+   - bzip2 1.0.6-8.1 (low; bug #827744)
[jessie] - bzip2  (Minor issue)
[wheezy] - bzip2  (Minor issue)
 CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate 
module ...)




[Secure-testing-commits] r48465 - data/CVE

2017-01-27 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-28 07:34:30 + (Sat, 28 Jan 2017)
New Revision: 48465

Modified:
   data/CVE/list
Log:
use after free in libmysqlclient.so

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-28 06:42:24 UTC (rev 48464)
+++ data/CVE/list   2017-01-28 07:34:30 UTC (rev 48465)
@@ -1,3 +1,6 @@
+CVE-2017- [use after free in libmysqlclient.so]
+   NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
+   TODO: check
 CVE-2017- [s-nail local root privilege escalation]
- s-nail 
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/27/7




[Secure-testing-commits] r48451 - data/CVE

2017-01-27 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-27 13:35:07 + (Fri, 27 Jan 2017)
New Revision: 48451

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-27 13:33:59 UTC (rev 48450)
+++ data/CVE/list   2017-01-27 13:35:07 UTC (rev 48451)
@@ -42680,19 +42680,20 @@
 CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 
1.7.x ...)
TODO: check
 CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2016-0893 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2016-0892 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss 
...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
NOT-FOR-US: EMC ViPR SRM
 CVE-2016-0890
RESERVED
+   NOT-FOR-US: EMC
 CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX 
Virtual ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for 
configuration ...)
NOT-FOR-US: EMC Documentum D2
 CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 
4.1.5, ...)
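Review bot: The new tags use the bare vendor name "EMC", while the unchanged neighbours name the product ("EMC ViPR SRM", "EMC Documentum D2"). The descriptions already give it (RSA Data Loss Prevention for CVE-2016-0895 to CVE-2016-0892, Unisphere for VMAX for CVE-2016-0889), so use the product name for consistency. CVE-2016-0890 is still RESERVED with no description, so a NOTE with the source of the attribution would help there.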




[Secure-testing-commits] r48450 - data/CVE

2017-01-27 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-27 13:33:59 + (Fri, 27 Jan 2017)
New Revision: 48450

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-27 11:26:50 UTC (rev 48449)
+++ data/CVE/list   2017-01-27 13:33:59 UTC (rev 48450)
@@ -4694,7 +4694,7 @@
NOTE: https://www.openssl.org/news/secadv/20170126.txt
NOTE: Fix for 1.0.2: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
NOTE: Fix for 1.1.0: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
-   NOTE:and 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
+   NOTE: and 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
 CVE-2017-3730
RESERVED
- openssl 1.1.0d-1
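Review bot: This hunk is a whitespace fix ("NOTE:and" to "NOTE: and") on a NOTE that sits among OpenSSL fix references, which the log message "NFU" does not cover. Mention the NOTE fix in the log, or commit it separately from the NOT-FOR-US changes.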
@@ -17873,6 +17873,7 @@
RESERVED
 CVE-2016-8216
RESERVED
+   NOT-FOR-US: EMC
 CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for 
a ...)
NOT-FOR-US: RSA Security Analytics
 CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 
versions ...)
@@ -22807,8 +22808,10 @@
RESERVED
 CVE-2016-6649
RESERVED
+   NOT-FOR-US: EMC
 CVE-2016-6648
RESERVED
+   NOT-FOR-US: EMC
 CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
4.0.1 ...)
NOT-FOR-US: EMC
 CVE-2016-6646 (The vApp Managers web application in EMC Unisphere for VMAX 
Virtual ...)
@@ -42629,6 +42632,7 @@
NOT-FOR-US: EMC Avamar
 CVE-2016-0919
RESERVED
+   NOT-FOR-US: RSA Web Threat Detection
 CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 
6.9.x ...)
NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
 CVE-2016-0917 (The SMB service in EMC VNXe (VNXe3200 Operating Environment 
prior to ...)




[Secure-testing-commits] r48407 - data/CVE

2017-01-26 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-26 08:44:55 + (Thu, 26 Jan 2017)
New Revision: 48407

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-26 08:25:45 UTC (rev 48406)
+++ data/CVE/list   2017-01-26 08:44:55 UTC (rev 48407)
@@ -4390,10 +4390,12 @@
RESERVED
 CVE-2017-3792
RESERVED
+   NOT-FOR-US: Cisco TelePresence
 CVE-2017-3791
RESERVED
 CVE-2017-3790
RESERVED
+   NOT-FOR-US: Cisco Expressway
 CVE-2016-5103
REJECTED
 CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when 
the ...)
@@ -14592,6 +14594,7 @@
RESERVED
 CVE-2016-9225
RESERVED
+   NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an 
...)
NOT-FOR-US: Cisco
 CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)




[Secure-testing-commits] r48406 - data/CVE

2017-01-26 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-26 08:25:45 + (Thu, 26 Jan 2017)
New Revision: 48406

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-26 08:08:47 UTC (rev 48405)
+++ data/CVE/list   2017-01-26 08:25:45 UTC (rev 48406)
@@ -6319,6 +6319,7 @@
RESERVED
 CVE-2016-9871
RESERVED
+   NOT-FOR-US: EMC Isilon
 CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, 
EMC ...)
NOT-FOR-US: EMC
 CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
...)




[Secure-testing-commits] r48357 - data/CVE

2017-01-25 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-25 09:19:18 + (Wed, 25 Jan 2017)
New Revision: 48357

Modified:
   data/CVE/list
Log:
jasper

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-25 09:18:17 UTC (rev 48356)
+++ data/CVE/list   2017-01-25 09:19:18 UTC (rev 48357)
@@ -1,3 +1,6 @@
+CVE-2017- [jasper: heap-based buffer overflow in jpc_dec_decodepkt 
(jpc_t2dec.c)]
+   - jasper 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
 CVE-2017- [jasper: NULL pointer dereference in jp2_cdef_destroy 
(jp2_cod.c)]
- jasper 
NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8




[Secure-testing-commits] r48356 - data/CVE

2017-01-25 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-25 09:18:17 + (Wed, 25 Jan 2017)
New Revision: 48356

Modified:
   data/CVE/list
Log:
jasper

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-25 09:14:29 UTC (rev 48355)
+++ data/CVE/list   2017-01-25 09:18:17 UTC (rev 48356)
@@ -1,3 +1,9 @@
+CVE-2017- [jasper: NULL pointer dereference in jp2_cdef_destroy 
(jp2_cod.c)]
+   - jasper 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
+CVE-2017- [jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c)]
+   - jasper 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
 CVE-2017- [screen privilege escalation]
- screen 4.5.0-3 (bug #852484)
[stretch] - screen  (Vulnerable code not present)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r48321 - data/CVE

2017-01-23 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-24 07:11:33 + (Tue, 24 Jan 2017)
New Revision: 48321

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-24 06:30:33 UTC (rev 48320)
+++ data/CVE/list   2017-01-24 07:11:33 UTC (rev 48321)
@@ -17536,10 +17536,12 @@
RESERVED
 CVE-2016-8215
RESERVED
+   NOT-FOR-US: RSA Security Analytics
 CVE-2016-8214
RESERVED
+   NOT-FOR-US: EMC Avamar
 CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 
6.8.1, ...)
-   TODO: check
+   NOT-FOR-US: EMC Documentum
 CVE-2016-8212
RESERVED
 CVE-2016-8211




[Secure-testing-commits] r48224 - data/CVE

2017-01-20 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-20 12:20:05 + (Fri, 20 Jan 2017)
New Revision: 48224

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-20 11:40:46 UTC (rev 48223)
+++ data/CVE/list   2017-01-20 12:20:05 UTC (rev 48224)
@@ -3967,6 +3967,7 @@
RESERVED
 CVE-2017-3805
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2017-3804
RESERVED
 CVE-2017-3803
@@ -3977,6 +3978,7 @@
RESERVED
 CVE-2017-3800
RESERVED
+   NOT-FOR-US: Cisco Email Security Appliance
 CVE-2017-3799
RESERVED
 CVE-2017-3798
@@ -14215,6 +14217,7 @@
NOT-FOR-US: Cisco
 CVE-2016-9216
RESERVED
+   NOT-FOR-US: Cisco ASR 5000
 CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an 
authenticated, ...)
NOT-FOR-US: Cisco
 CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability 
that ...)




[Secure-testing-commits] r48102 - data/CVE

2017-01-16 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-16 09:09:40 + (Mon, 16 Jan 2017)
New Revision: 48102

Modified:
   data/CVE/list
Log:
NFU HPSBGN03689

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-16 09:06:11 UTC (rev 48101)
+++ data/CVE/list   2017-01-16 09:09:40 UTC (rev 48102)
@@ -15741,8 +15741,10 @@
RESERVED
 CVE-2016-8522
RESERVED
+   NOT-FOR-US: HPE Diagnostics
 CVE-2016-8521
RESERVED
+   NOT-FOR-US: HPE Diagnostics
 CVE-2016-8520
RESERVED
 CVE-2016-8519




[Secure-testing-commits] r47783 - data/CVE

2017-01-06 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-06 11:53:49 + (Fri, 06 Jan 2017)
New Revision: 47783

Modified:
   data/CVE/list
Log:
NFU ESA-2016-157

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-06 11:22:30 UTC (rev 47782)
+++ data/CVE/list   2017-01-06 11:53:49 UTC (rev 47783)
@@ -4750,10 +4750,13 @@
RESERVED
 CVE-2016-9869
RESERVED
+   NOT-FOR-US: EMC ScaleIO
 CVE-2016-9868
RESERVED
+   NOT-FOR-US: EMC ScaleIO
 CVE-2016-9867
RESERVED
+   NOT-FOR-US: EMC ScaleIO
 CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel 
through ...)
- linux 4.8.15-1
[jessie] - linux  (Vulnerable code introduced later)




[Secure-testing-commits] r47742 - data/CVE

2017-01-05 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-05 09:12:50 + (Thu, 05 Jan 2017)
New Revision: 47742

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-05 09:10:22 UTC (rev 47741)
+++ data/CVE/list   2017-01-05 09:12:50 UTC (rev 47742)
@@ -24525,7 +24525,7 @@
NOTE: 
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17=1.18
NOTE: 
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18=1.19
 CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL 
Server ...)
-   TODO: check
+   NOT-FOR-US: ReadyDesk
 CVE-2016-5682
RESERVED
 CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L 
B1 ...)
@@ -27297,21 +27297,21 @@
 CVE-2016-5051
RESERVED
 CVE-2016-5050 (Unrestricted file upload vulnerability in chat/sendfile.aspx in 
...)
-   TODO: check
+   NOT-FOR-US: ReadyDesk
 CVE-2016-5049 (Directory traversal vulnerability in chat/openattach.aspx in 
ReadyDesk ...)
-   TODO: check
+   NOT-FOR-US: ReadyDesk
 CVE-2016-5048 (SQL injection vulnerability in chat/staff/default.aspx in 
ReadyDesk ...)
-   TODO: check
+   NOT-FOR-US: ReadyDesk
 CVE-2016-5047 (NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: NetApp OnCommand System Manager
 CVE-2016-5046
RESERVED
 CVE-2016-5045
RESERVED
 CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product
 CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 
and ...)
-   TODO: check
+   NOT-FOR-US: BIG-IP
 CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 
11.4.1 ...)
NOT-FOR-US: BIG-IP
 CVE-2016-5022 (F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x 
before ...)




[Secure-testing-commits] r47740 - data/CVE

2017-01-05 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-05 09:07:39 + (Thu, 05 Jan 2017)
New Revision: 47740

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-05 08:58:08 UTC (rev 47739)
+++ data/CVE/list   2017-01-05 09:07:39 UTC (rev 47740)
@@ -18726,6 +18726,7 @@
NOT-FOR-US: Exponent CMS
 CVE-2016-7399
RESERVED
+   NOT-FOR-US: Veritas NetBackup Applianc
 CVE-2016-7398
RESERVED
 CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and 
earlier ...)
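Review bot: the product name in the added line for CVE-2016-7399 is cut short, `NOT-FOR-US: Veritas NetBackup Applianc`; it should read `NOT-FOR-US: Veritas NetBackup Appliance` so that a search for the product name across data/CVE/list finds this entry.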
@@ -20207,6 +20208,7 @@
REJECTED
 CVE-2016-6894
RESERVED
+   NOT-FOR-US: Arista EOS
 CVE-2016-6892 [Free of Memory not on the Heap]
RESERVED
- matrixssl 




[Secure-testing-commits] r47739 - data/CVE

2017-01-05 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-05 08:58:08 + (Thu, 05 Jan 2017)
New Revision: 47739

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-05 08:56:54 UTC (rev 47738)
+++ data/CVE/list   2017-01-05 08:58:08 UTC (rev 47739)
@@ -20295,13 +20295,13 @@
 CVE-2016-6860
RESERVED
 CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: SAP Hybris
 CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee 
...)
-   TODO: check
+   NOT-FOR-US: SAP Hybris
 CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create 
Catalogue ...)
-   TODO: check
+   NOT-FOR-US: SAP Hybris
 CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search 
feature ...)
-   TODO: check
+   NOT-FOR-US: SAP Hybris
 CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 
3.19.x, ...)
{DLA-605-1}
- eog 3.20.4-1




[Secure-testing-commits] r47725 - data/CVE

2017-01-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-04 19:40:59 + (Wed, 04 Jan 2017)
New Revision: 47725

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-04 17:43:57 UTC (rev 47724)
+++ data/CVE/list   2017-01-04 19:40:59 UTC (rev 47725)
@@ -15026,6 +15026,7 @@
RESERVED
 CVE-2016-8519
RESERVED
+   NOT-FOR-US: HPE Operations Orchestration
 CVE-2016-8518
RESERVED
 CVE-2016-8517




[Secure-testing-commits] r47717 - data/CVE

2017-01-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-04 15:16:04 + (Wed, 04 Jan 2017)
New Revision: 47717

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-04 14:54:29 UTC (rev 47716)
+++ data/CVE/list   2017-01-04 15:16:04 UTC (rev 47717)
@@ -263,13 +263,13 @@
 CVE-2017-5006
RESERVED
 CVE-2017-5005 (Stack-based buffer overflow in Quick Heal Internet Security 
10.1.0.316 ...)
-   TODO: check
+   NOT-FOR-US: Quickheal
 CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the 
Western ...)
-   TODO: check
+   NOT-FOR-US: Western Digital MyCloud NAS
 CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the 
Western ...)
-   TODO: check
+   NOT-FOR-US: Western Digital MyCloud NAS
 CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on 
NETGEAR ...)
-   TODO: check
+   NOT-FOR-US: NETGEAR devices
 CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the 
sections ...)
- piwigo 
 CVE-2016-10104
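Review bot: the tag added under CVE-2017-5005 spells the vendor `Quickheal`, while the CVE description just above it has `Quick Heal Internet Security`; use the spelling from the description (`NOT-FOR-US: Quick Heal Internet Security`) so the entry matches a search on the product name. The other three tags in this hunk already follow their descriptions.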




Bug#850158: Use of uninitialized memory in unserialize()

2017-01-04 Thread Henri Salo

Package: php7.0
Version: 7.0.14-2
Severity: important
Tags: security, upstream, fixed-upstream

A bug was found showing that PHP uses uninitialized memory during calls to
`unserialize()`. As the following report shows, the payload supplied to
`unserialize()` may control this uninitialized memory region and thus may be
used to trick PHP into operating on faked objects and calling
attacker-controlled destructor function pointers. The supplied proof of concept
exploit practically demonstrates the issue by executing arbitrary code solely by
passing a specially crafted string to `unserialize()`. Even though this
particular demo exploit only works locally, this flaw is very likely to also
allow for remote code execution.

Upstream bug report for additional details: 
https://bugs.php.net/bug.php?id=73832
Fix: https://gist.github.com/anonymous/9fbe5ccbe8e18659bec11ac963fd07a3

- -- 
Henri Salo



[Secure-testing-commits] r47712 - data/CVE

2017-01-04 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-04 13:53:14 + (Wed, 04 Jan 2017)
New Revision: 47712

Modified:
   data/CVE/list
Log:
piwigo removed

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-04 10:11:14 UTC (rev 47711)
+++ data/CVE/list   2017-01-04 13:53:14 UTC (rev 47712)
@@ -267,7 +267,7 @@
 CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on 
NETGEAR ...)
TODO: check
 CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the 
sections ...)
-   TODO: check
+   - piwigo 
 CVE-2016-10104
RESERVED
 CVE-2016-10103




[Secure-testing-commits] r47701 - data/CVE

2017-01-03 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-03 19:54:59 + (Tue, 03 Jan 2017)
New Revision: 47701

Modified:
   data/CVE/list
Log:
add php unserialize() issue

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-03 19:30:43 UTC (rev 47700)
+++ data/CVE/list   2017-01-03 19:54:59 UTC (rev 47701)
@@ -1,5 +1,9 @@
 CVE-2017- [wrestool: exploitable crash]
- icoutils  (bug #850017)
+CVE-2016- [Use of uninitialized memory in unserialize()]
+   - php7.0 
+   - php5 
+   NOTE: https://bugs.php.net/bug.php?id=73832
 CVE-2016-10109 [pcsc-lite use-after-free]
- pcsc-lite 1.8.20-1
NOTE: 
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
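Review bot: the new `- php7.0` and `- php5` lines in the unserialize() entry carry no bug reference, unlike the icoutils line directly above with `(bug #850017)`; as committed, the entry rests on the upstream NOTE alone, so add the Debian bug numbers to both package lines once they exist.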




[Secure-testing-commits] r47698 - data/CVE

2017-01-03 Thread Henri Salo
Author: fgeek-guest
Date: 2017-01-03 17:53:55 + (Tue, 03 Jan 2017)
New Revision: 47698

Modified:
   data/CVE/list
Log:
add wrestool #850017

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-03 15:48:11 UTC (rev 47697)
+++ data/CVE/list   2017-01-03 17:53:55 UTC (rev 47698)
@@ -1,3 +1,5 @@
+CVE-2017- [wrestool: exploitable crash]
+   - icoutils  (bug #850017)
 CVE-2016-10109 [pcsc-lite use-after-free]
- pcsc-lite 1.8.20-1
NOTE: 
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22




[Secure-testing-commits] r47543 - data/CVE

2016-12-28 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-29 07:32:43 + (Thu, 29 Dec 2016)
New Revision: 47543

Modified:
   data/CVE/list
Log:
CVE-2014-1934/eyed3 clarify hardening comment

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-29 07:09:45 UTC (rev 47542)
+++ data/CVE/list   2016-12-29 07:32:43 UTC (rev 47543)
@@ -88733,7 +88733,7 @@
[squeeze] - eyed3  (Minor issue)
NOTE: Upstream patch: 
https://bitbucket.org/nicfit/eyed3/commits/372bbacb7a70
NOTE: 
https://bitbucket.org/nicfit/eyed3/issue/65/tagpy-in-eyed3-allows-local-users-to
-   NOTE: Neutralised by kernel temp hardening
+   NOTE: Neutralised by protected_symlinks kernel temp hardening
 CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in 
Python ...)
- pillow 2.4.0-1 (low; bug #737059)
- python-imaging 




[Secure-testing-commits] r47342 - data/CVE

2016-12-22 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-22 14:12:55 + (Thu, 22 Dec 2016)
New Revision: 47342

Modified:
   data/CVE/list
Log:
twiki

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-22 12:22:23 UTC (rev 47341)
+++ data/CVE/list   2016-12-22 14:12:55 UTC (rev 47342)
@@ -66021,7 +66021,7 @@
 CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the 
twitterDash ...)
NOT-FOR-US: WordPress plugin twitterDash
 CVE-2014-9367 (Incomplete blacklist vulnerability in the urlEncode function in 
...)
-   NOT-FOR-US: Twiki
+   - twiki 
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367
 CVE-2014-9366
RESERVED
@@ -72674,7 +72674,7 @@
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
 CVE-2014-7236
RESERVED
-   NOT-FOR-US: TWiki
+   - twiki 
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework 
module/Asterisk ...)
- freepbx  (bug #464926)




[Secure-testing-commits] r47306 - data/CVE

2016-12-21 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-21 22:08:34 + (Wed, 21 Dec 2016)
New Revision: 47306

Modified:
   data/CVE/list
Log:
CVE-2016-9838/joomla itp

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-21 22:07:21 UTC (rev 47305)
+++ data/CVE/list   2016-12-21 22:08:34 UTC (rev 47306)
@@ -2605,7 +2605,7 @@
NOTE: https://github.com/mapserver/mapserver/pull/4928
NOTE: https://github.com/mapserver/mapserver/pull/5356
 CVE-2016-9838 (An issue was discovered in 
components/com_users/models/registration.php ...)
-   TODO: check
+   - joomla  (bug #571794)
 CVE-2016-9837 (An issue was discovered in ...)
TODO: check
 CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in 
Joomla! ...)




[Secure-testing-commits] r47265 - data/CVE

2016-12-20 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-21 07:12:16 + (Wed, 21 Dec 2016)
New Revision: 47265

Modified:
   data/CVE/list
Log:
CVE-2016-9586/curl

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-21 05:42:32 UTC (rev 47264)
+++ data/CVE/list   2016-12-21 07:12:16 UTC (rev 47265)
@@ -8271,8 +8271,11 @@
NOTE: https://www.spinics.net/lists/kvm/msg142495.html
 CVE-2016-9587
RESERVED
-CVE-2016-9586
+CVE-2016-9586 [printf floating point buffer overflow]
RESERVED
+   - curl 
+   NOTE: https://curl.haxx.se/docs/adv_20161221A.html
+   TODO: check
 CVE-2016-9585
RESERVED
NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
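Review bot: `TODO: check` is added to CVE-2016-9586 in the same change that supplies the package line and the advisory NOTE, so the entry does not say what is still unchecked; either drop the TODO or replace it with what remains open, for instance the fixed version, since the `- curl` line as shown records none.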




[Secure-testing-commits] r47133 - data/CVE

2016-12-16 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-16 14:16:38 + (Fri, 16 Dec 2016)
New Revision: 47133

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-16 14:13:09 UTC (rev 47132)
+++ data/CVE/list   2016-12-16 14:16:38 UTC (rev 47133)
@@ -11610,10 +11610,13 @@
RESERVED
 CVE-2016-8515
RESERVED
+   NOT-FOR-US: HPE Version Control Repository Manager
 CVE-2016-8514
RESERVED
+   NOT-FOR-US: HPE Version Control Repository Manager
 CVE-2016-8513
RESERVED
+   NOT-FOR-US: HPE Version Control Repository Manager
 CVE-2016-8512
RESERVED
 CVE-2016-8511




[Secure-testing-commits] r46941 - data/CVE

2016-12-09 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-09 20:44:12 + (Fri, 09 Dec 2016)
New Revision: 46941

Modified:
   data/CVE/list
Log:
fix typo

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-09 20:21:56 UTC (rev 46940)
+++ data/CVE/list   2016-12-09 20:44:12 UTC (rev 46941)
@@ -25560,7 +25560,7 @@
 CVE-2015-8870 (Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 
allows ...)
- tiff 4.0.3-12
[wheezy] - tiff 4.0.2-6+deb7u4
-   NOTE: Fixed already witht the patch applied in 4.0.3-12 in unstable for 
the
+   NOTE: Fixed already with the patch applied in 4.0.3-12 in unstable for 
the
NOTE: CVE-2014-9330 issue.
 CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in 
...)
- lcms2 2.6-1




[Secure-testing-commits] r46762 - data/CVE

2016-12-04 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-04 13:52:34 + (Sun, 04 Dec 2016)
New Revision: 46762

Modified:
   data/CVE/list
Log:
fix typo

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-04 12:48:21 UTC (rev 46761)
+++ data/CVE/list   2016-12-04 13:52:34 UTC (rev 46762)
@@ -6948,7 +6948,7 @@
[wheezy] - jasper  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
NOTE: The use-afer-free seems to be introduced in a version later tha 
1.900.1 but the
-   NOTE: CVE is assigned for everytihng fixed in the above commit, a such 
seems till
+   NOTE: CVE is assigned for everything fixed in the above commit, a such 
seems till
NOTE: present in the 1.900.1 based versions.
NOTE: 
https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
TODO: double-check again
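Review bot: the corrected line still reads `a such seems till`, and the unchanged NOTE above it keeps `use-afer-free` and `later tha`; since the log is `fix typo`, fix these in the same change (likely `as such seems still`, `use-after-free`, `later than`) so the note reads cleanly in one pass.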




[Secure-testing-commits] r46749 - data/CVE

2016-12-03 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-03 13:49:03 + (Sat, 03 Dec 2016)
New Revision: 46749

Modified:
   data/CVE/list
Log:
tiff issue #2608

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-03 13:46:20 UTC (rev 46748)
+++ data/CVE/list   2016-12-03 13:49:03 UTC (rev 46749)
@@ -1,3 +1,6 @@
+CVE-2016- [heap-based buffer overflow in TIFFFillStrip (tif_read.c)]
+   - tiff 
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
 CVE-2016- [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when 
BitsPerSample is missing]
- tiff 
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619




[Secure-testing-commits] r46748 - data/CVE

2016-12-03 Thread Henri Salo
Author: fgeek-guest
Date: 2016-12-03 13:46:20 + (Sat, 03 Dec 2016)
New Revision: 46748

Modified:
   data/CVE/list
Log:
tiff issue #2619

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-03 13:11:11 UTC (rev 46747)
+++ data/CVE/list   2016-12-03 13:46:20 UTC (rev 46748)
@@ -1,3 +1,6 @@
+CVE-2016- [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when 
BitsPerSample is missing]
+   - tiff 
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
 CVE-2017- [simplesamlphp signature validation SSPSA 201612-01]
- simplesamlphp 1.14.10-1 (low)
[jessie] - simplesamlphp  (Minor issue)




[Secure-testing-commits] r46404 - data/CVE

2016-11-21 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-21 20:51:54 + (Mon, 21 Nov 2016)
New Revision: 46404

Modified:
   data/CVE/list
Log:
Remove trailing whitespaces

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-21 20:51:10 UTC (rev 46403)
+++ data/CVE/list   2016-11-21 20:51:54 UTC (rev 46404)
@@ -641,15 +641,15 @@
[wheezy] - imagemagick  (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
-CVE-2016-9300 [maradns: remote crash bug in MaraDNS 2.0.13 js_readuint16] 
+CVE-2016-9300 [maradns: remote crash bug in MaraDNS 2.0.13 js_readuint16]
RESERVED
- maradns  (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
-CVE-2016-9301 [maradns: remote crash bug in MaraDNS 2.0.13 js_substr] 
+CVE-2016-9301 [maradns: remote crash bug in MaraDNS 2.0.13 js_substr]
RESERVED
- maradns  (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
-CVE-2016-9302 [maradns: remote crash bug in MaraDNS 2.0.13 process_query] 
+CVE-2016-9302 [maradns: remote crash bug in MaraDNS 2.0.13 process_query]
RESERVED
- maradns  (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
@@ -5155,7 +5155,7 @@
NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
 CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in 
...)
- linux 4.7.2-1
-   NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
 
+   NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
 CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka 
Quick ...)
{DLA-698-1 DLA-689-1}
- qemu  (bug #839834)
@@ -7467,7 +7467,7 @@
NOT-FOR-US: Red Hat rhscon-core
 CVE-2016-7061
RESERVED
-   NOT-FOR-US: Red Hat JBoss Enterprise Application Platform   
+   NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 CVE-2016-7060
RESERVED
 CVE-2016-7059




[Secure-testing-commits] r46403 - data/CVE

2016-11-21 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-21 20:51:10 + (Mon, 21 Nov 2016)
New Revision: 46403

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-21 20:49:11 UTC (rev 46402)
+++ data/CVE/list   2016-11-21 20:51:10 UTC (rev 46403)
@@ -16920,6 +16920,7 @@
TODO: check
 CVE-2016-4406
RESERVED
+   NOT-FOR-US: HPE iLO
 CVE-2016-4405
RESERVED
 CVE-2016-4404
@@ -36027,9 +36028,9 @@
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
-NOTE: Fix commit: 
http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
-NOTE: exec_cmd introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
-NOTE: cmd_table introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
+   NOTE: Fix commit: 
http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
+   NOTE: exec_cmd introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
+   NOTE: cmd_table introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
 CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE) 
layout ...)
{DSA-3357-1}
- vzctl 4.9.4-1
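Review bot: the three NOTE lines re-indented in this hunk are a whitespace-only change, and the log message `NFU` describes only the `NOT-FOR-US: HPE iLO` line in the first hunk; put the indentation fixes in their own commit or mention them in the log, so the NFU triage can be reviewed separately from formatting. The same applies to the re-indented NOTE in the last hunk.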
@@ -121396,7 +121397,7 @@
- xen 4.4.0-1
[wheezy] - xen  (Vulnerable code introduced after 
0.14.50, embedded version is 0.10.2)
NOTE: Xen switched to qemu-system in 4.4.0-1
-NOTE: Vulnerable code introduced after 0.14.50: 
http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
+   NOTE: Vulnerable code introduced after 0.14.50: 
http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
 CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the 
Linux ...)
{DSA-2389-1}
- linux-2.6 3.1.4-1




[Secure-testing-commits] r46343 - data/CVE

2016-11-19 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-19 11:34:39 + (Sat, 19 Nov 2016)
New Revision: 46343

Modified:
   data/CVE/list
Log:
CVE-2016-9296/p7zip

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-19 11:18:32 UTC (rev 46342)
+++ data/CVE/list   2016-11-19 11:34:39 UTC (rev 46343)
@@ -560,7 +560,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/11/14
 CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old 
versions ...)
-   - p7zip  (bug #844344)
+   - p7zip 16.02+dfsg-2 (bug #844344)
[jessie] - p7zip  (Vulnerable code with potential NULL 
pointer dereference introduced later)
[wheezy] - p7zip  (Vulnerable code with potential NULL 
pointer dereference introduced later)
NOTE: https://sourceforge.net/p/p7zip/bugs/185/




[Secure-testing-commits] r46338 - data/CVE

2016-11-19 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-19 09:23:31 + (Sat, 19 Nov 2016)
New Revision: 46338

Modified:
   data/CVE/list
Log:
CVE-2016-9448/tiff

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-19 09:10:13 UTC (rev 46337)
+++ data/CVE/list   2016-11-19 09:23:31 UTC (rev 46338)
@@ -1,3 +1,7 @@
+CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
+   - tiff 
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
+   NOTE: Regression introduced by previous fix done on 2016-11-11 for 
CVE-2016-9297
 CVE-2016-9421
RESERVED
 CVE-2016-9420
@@ -550,7 +554,6 @@
- tiff  (bug #844226)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
-   NOTE: Caused regression, which is fixed in 
http://bugzilla.maptools.org/show_bug.cgi?id=2593
 CVE-2016- [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
- tiff  (bug #844057)
[jessie] - tiff  (Minor issue)
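Review bot: removing `NOTE: Caused regression, which is fixed in http://bugzilla.maptools.org/show_bug.cgi?id=2593` leaves this tiff entry with no pointer to the regression, while the new CVE-2016-9448 entry in the first hunk still refers back to CVE-2016-9297; consider keeping a one-line NOTE on this side that names CVE-2016-9448, so someone backporting the earlier fix sees that a follow-up is needed.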




[Secure-testing-commits] r46321 - data/CVE

2016-11-18 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-18 15:00:56 + (Fri, 18 Nov 2016)
New Revision: 46321

Modified:
   data/CVE/list
Log:
tiff tiff2pdf out-of-bounds write memcpy

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-18 14:34:40 UTC (rev 46320)
+++ data/CVE/list   2016-11-18 15:00:56 UTC (rev 46321)
@@ -1,3 +1,8 @@
+CVE-2016- [tiff2pdf: out-of-bounds write memcpy]
+   - tiff 
+   [jessie] - tiff  (Minor issue)
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/18/4
 CVE-2016- [gstreamer 0.10 VMNC code execution]
- gst-plugins-bad0.10 
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u2




[Secure-testing-commits] r46240 - data/CVE

2016-11-16 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-16 15:25:33 + (Wed, 16 Nov 2016)
New Revision: 46240

Modified:
   data/CVE/list
Log:
CVE-2016-9297/tiff

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-16 11:19:25 UTC (rev 46239)
+++ data/CVE/list   2016-11-16 15:25:33 UTC (rev 46240)
@@ -115,6 +115,7 @@
- tiff  (bug #844226)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+   NOTE: Caused regression, which is fixed in 
http://bugzilla.maptools.org/show_bug.cgi?id=2593
 CVE-2016- [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
- tiff  (bug #844057)
[jessie] - tiff  (Minor issue)




[Secure-testing-commits] r46235 - data/CVE

2016-11-16 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-16 08:02:27 + (Wed, 16 Nov 2016)
New Revision: 46235

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-16 07:53:15 UTC (rev 46234)
+++ data/CVE/list   2016-11-16 08:02:27 UTC (rev 46235)
@@ -9705,11 +9705,11 @@
 CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
NOT-FOR-US: Wordpress plugin admin-font-editor
 CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for 
Joomla ...)
-   TODO: check
+   NOT-FOR-US: Joomla component Huge-IT Catalog
 CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery 
Plugin ...)
-   TODO: check
+   NOT-FOR-US: Joomla component Huge-IT Portfolio Gallery
 CVE-2016-1000123 (Unauthenticated SQL Injection in Huge-IT Video Gallery 
v1.0.9 for ...)
-   TODO: check
+   NOT-FOR-US: Joomla component Huge-IT Video Gallery
 CVE-2016-1000122 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
NOT-FOR-US: Joomla extension Huge IT Joomla Slider
 CVE-2016-1000121 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
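Review bot: the three added tags use `Joomla component Huge-IT ...`, while the neighbouring entries for the same vendor read `NOT-FOR-US: Joomla extension Huge IT Joomla Slider`; pick one form (`component` or `extension`, `Huge-IT` or `Huge IT`) so a single search finds all of this vendor's entries.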


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r46222 - data/CVE

2016-11-15 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-16 05:45:25 + (Wed, 16 Nov 2016)
New Revision: 46222

Modified:
   data/CVE/list
Log:
CVE-2016-1249/libdbd-mysql BTS

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-16 05:24:06 UTC (rev 46221)
+++ data/CVE/list   2016-11-16 05:45:25 UTC (rev 46222)
@@ -26684,7 +26684,7 @@
RESERVED
 CVE-2016-1249 [libdbd-mysql: out-of-bounds read]
RESERVED
-   - libdbd-mysql-perl 
+   - libdbd-mysql-perl  (bug #844475)
NOTE: 
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
 CVE-2016-1248




Bug#844475: CVE-2016-1249: Out-of-bounds read by DBD::mysql

2016-11-15 Thread Henri Salo

Package: libdbd-mysql-perl
Version: 4.037-5
Severity: important
Tags: security, fixed-upstream, upstream

Hi,

the following vulnerability was published for libdbd-mysql-perl.

CVE-2016-1249: Out-of-bounds read by DBD::mysql

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
http://www.openwall.com/lists/oss-security/2016/11/16/1
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

Please adjust the affected versions in the BTS as needed.

- -- 
Henri Salo



[Secure-testing-commits] r46221 - data/CVE

2016-11-15 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-16 05:24:06 + (Wed, 16 Nov 2016)
New Revision: 46221

Modified:
   data/CVE/list
Log:
CVE-2016-1249/libdbd-mysql-perl

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-15 21:10:12 UTC (rev 46220)
+++ data/CVE/list   2016-11-16 05:24:06 UTC (rev 46221)
@@ -26682,8 +26682,11 @@
RESERVED
 CVE-2016-1250
RESERVED
-CVE-2016-1249
+CVE-2016-1249 [libdbd-mysql: out-of-bounds read]
RESERVED
+   - libdbd-mysql-perl 
+   NOTE: 
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
+   NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
 CVE-2016-1248
RESERVED
 CVE-2016-1247




[Secure-testing-commits] r46182 - data/CVE

2016-11-14 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-14 15:06:25 + (Mon, 14 Nov 2016)
New Revision: 46182

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-14 15:02:09 UTC (rev 46181)
+++ data/CVE/list   2016-11-14 15:06:25 UTC (rev 46182)
@@ -5345,10 +5345,13 @@
RESERVED
 CVE-2016-7490
RESERVED
+   NOT-FOR-US: Teradata Studio Express
 CVE-2016-7489
RESERVED
+   NOT-FOR-US: Teradata Virtual Machine Community Edition
 CVE-2016-7488
RESERVED
+   NOT-FOR-US: Teradata Virtual Machine Community Edition
 CVE-2016-7487
RESERVED
 CVE-2016-7486
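
Review bot: the three added "NOT-FOR-US" lines sit under ids that are still "RESERVED" with no description, so nothing in the entry shows where the Teradata product names come from, and the log message is only "NFU". Add a "NOTE:" with the advisory or announcement that ties CVE-2016-7490, CVE-2016-7489 and CVE-2016-7488 to these products, and confirm that CVE-2016-7489 and CVE-2016-7488 really share the same product string rather than one being a copy of the other.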




[Secure-testing-commits] r46180 - data/CVE

2016-11-14 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-14 14:57:57 + (Mon, 14 Nov 2016)
New Revision: 46180

Modified:
   data/CVE/list
Log:
CVE-2016-9296/p7zip

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-14 13:21:51 UTC (rev 46179)
+++ data/CVE/list   2016-11-14 14:57:57 UTC (rev 46180)
@@ -17,6 +17,9 @@
[jessie] - tiff  (Minor issue)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/11/14
+CVE-2016-9296
+   - p7zip 
+   TODO: check
 CVE-2016-9276 [heap-based buffer overflow in dwarf_get_aranges_list 
(dwarf_arange.c)]
- dwarfutils  (bug #844011)
[jessie] - dwarfutils  (Minor issue)
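
Review bot: the new CVE-2016-9296 entry has neither a bracketed description nor a "NOTE:" with a reference, so "TODO: check" gives the next person nothing to check against. The neighbouring entries in this hunk (CVE-2016-9276 and the tiff entry above) show the expected shape, a short description in brackets and a link to the report; add both here.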




[Secure-testing-commits] r46181 - data/CVE

2016-11-14 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-14 15:02:09 + (Mon, 14 Nov 2016)
New Revision: 46181

Modified:
   data/CVE/list
Log:
moin CVE-2016-7146 and CVE-2016-7148

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-14 14:57:57 UTC (rev 46180)
+++ data/CVE/list   2016-11-14 15:02:09 UTC (rev 46181)
@@ -6297,10 +6297,14 @@
NOT-FOR-US: b2evolution
 CVE-2016-7148
RESERVED
+   - moin 
+   TODO: check
 CVE-2016-7147
RESERVED
 CVE-2016-7146
RESERVED
+   - moin 
+   TODO: check
 CVE-2016-7122
RESERVED
- ffmpeg 7:3.1.4-1 (bug #840434)
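
Review bot: CVE-2016-7148 and CVE-2016-7146 are assigned to moin with "TODO: check" but no description or reference, and CVE-2016-7147 between them is left as bare "RESERVED". Add a "NOTE:" with the source that maps these two ids to moin, and say in the log message whether CVE-2016-7147 was looked at and found unrelated or simply not yet identified.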




[Secure-testing-commits] r46154 - data/CVE

2016-11-13 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-13 12:37:51 + (Sun, 13 Nov 2016)
New Revision: 46154

Modified:
   data/CVE/list
Log:
jenkins unauthenticated remote code execution

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-13 12:36:31 UTC (rev 46153)
+++ data/CVE/list   2016-11-13 12:37:51 UTC (rev 46154)
@@ -1,3 +1,6 @@
+CVE-2016- [jenkins: unauthenticated remote code execution]
+   - jenkins 
+   NOTE: CVE Request 
http://www.openwall.com/lists/oss-security/2016/11/12/4
 CVE-2016- [heap overflow in WaveletDenoiseImage()]
- imagemagick 
NOTE: CVE request: 
http://www.openwall.com/lists/oss-security/2016/11/13/1
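
Review bot: the added line "NOTE: CVE Request" has no colon before the URL, while the imagemagick entry directly below uses "NOTE: CVE request:"; pick one form so these notes can be searched for consistently. The package line "- jenkins" also has no bug reference yet, which an entry titled "unauthenticated remote code execution" should get as soon as a bug is filed.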




[Secure-testing-commits] r46153 - data/CVE

2016-11-13 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-13 12:36:31 + (Sun, 13 Nov 2016)
New Revision: 46153

Modified:
   data/CVE/list
Log:
imagemagick heap overflow in WaveletDenoiseImage(

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-13 10:14:09 UTC (rev 46152)
+++ data/CVE/list   2016-11-13 12:36:31 UTC (rev 46153)
@@ -1,3 +1,6 @@
+CVE-2016- [heap overflow in WaveletDenoiseImage()]
+   - imagemagick 
+   NOTE: CVE request: 
http://www.openwall.com/lists/oss-security/2016/11/13/1
 CVE-2016- [maradns: Remote crash in MaraDNS 2.0.13 and git master] 
- maradns  (bug #844121)
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/12/3
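
Review bot: the bracketed description "[heap overflow in WaveletDenoiseImage()]" does not name the package, whereas the maradns entry below it starts with "maradns:". Write "[imagemagick: heap overflow in WaveletDenoiseImage()]" so this temporary "CVE-2016-" entry can be told apart from the other id-less entries when searching the list.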




[Secure-testing-commits] r46146 - data/CVE

2016-11-12 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-12 23:58:07 + (Sat, 12 Nov 2016)
New Revision: 46146

Modified:
   data/CVE/list
Log:
tiff read outside buffer in _TIFFPrintField

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-12 19:35:48 UTC (rev 46145)
+++ data/CVE/list   2016-11-12 23:58:07 UTC (rev 46146)
@@ -1,6 +1,10 @@
 CVE-2016- [maradns: Remote crash in MaraDNS 2.0.13 and git master] 
- maradns  (bug #844121)
NOTE: CVE Request: http://seclists.org/oss-sec/2016/q4/411
+CVE-2016- [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
+   - tiff 
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/12/2
 CVE-2016- [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
- tiff  (bug #844057)
[jessie] - tiff  (Minor issue)
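
Review bot: the added description leads with a source path ("libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()") instead of the package prefix used by the neighbouring "maradns:" and "tiffcrop:" entries. Both tiff entries in this hunk are temporary "CVE-2016-" ids for the same package, so a consistent prefix plus the function name is what distinguishes them; move the file path into a "NOTE:" if it is needed.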




[Secure-testing-commits] r46135 - data/CVE

2016-11-11 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-11 21:01:48 + (Fri, 11 Nov 2016)
New Revision: 46135

Modified:
   data/CVE/list
Log:
tiffcrop heap buffer overflow via writeBufferToSeparateStrips

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-11 20:43:20 UTC (rev 46134)
+++ data/CVE/list   2016-11-11 21:01:48 UTC (rev 46135)
@@ -1,3 +1,7 @@
+CVE-2016- [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
+   - tiff 
+   NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
+   NOTE: CVE request: 
http://www.openwall.com/lists/oss-security/2016/11/11/14
 CVE-2016-9276 [heap-based buffer overflow in dwarf_get_aranges_list 
(dwarf_arange.c)]
- dwarfutils  (bug #844011)
[jessie] - dwarfutils  (Minor issue)




[Secure-testing-commits] r46122 - data/CVE

2016-11-11 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-11 16:15:09 + (Fri, 11 Nov 2016)
New Revision: 46122

Modified:
   data/CVE/list
Log:
correct oss-security url

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-11 15:39:07 UTC (rev 46121)
+++ data/CVE/list   2016-11-11 16:15:09 UTC (rev 46122)
@@ -1,7 +1,7 @@
 CVE-2016-9273 [libtiff heap overflow]
- tiff 
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
-   NOTE: http://seclists.org/oss-sec/2016/q4/381
+   NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20
 CVE-2016-9261
RESERVED
 CVE-2016-9260
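
Review bot: the removed and the added "NOTE:" URL point at different archives (seclists.org and openwall.com), and neither the hunk nor the log message "correct oss-security url" says whether the old link pointed at the wrong post or at the same post in another archive. State which in the log message; if openwall.com is simply the preferred archive, the remaining seclists.org notes in the file want the same change.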




[Secure-testing-commits] r46078 - data/CVE

2016-11-08 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-09 07:34:46 + (Wed, 09 Nov 2016)
New Revision: 46078

Modified:
   data/CVE/list
Log:
CVE-2016-8632/linux update

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-09 07:03:13 UTC (rev 46077)
+++ data/CVE/list   2016-11-09 07:34:46 UTC (rev 46078)
@@ -1642,7 +1642,7 @@
- linux 
NOTE: 
https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
NOTE: 
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
-CVE-2016-8632
+CVE-2016-8632 [tipc_msg_build() doesn't validate MTU that can trigger heap 
overflow]
RESERVED
- linux 
NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
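
Review bot: the added description "tipc_msg_build() doesn't validate MTU that can trigger heap overflow" reads as if the MTU itself triggers the overflow; "tipc_msg_build() does not validate MTU, which can trigger a heap overflow" is clearer. The entry has only the netdev "NOTE:"; once the fixing commit is known, add it as a second "NOTE:" the way the entry above does with its git.kernel.org link.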




[Secure-testing-commits] r46077 - data/CVE

2016-11-08 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-09 07:03:13 + (Wed, 09 Nov 2016)
New Revision: 46077

Modified:
   data/CVE/list
Log:
NFU HPSBGN03643

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-09 06:08:31 UTC (rev 46076)
+++ data/CVE/list   2016-11-09 07:03:13 UTC (rev 46077)
@@ -15962,10 +15962,13 @@
RESERVED
 CVE-2016-4404
RESERVED
+   NOT-FOR-US: HPE KeyView using Filter SDK
 CVE-2016-4403
RESERVED
+   NOT-FOR-US: HPE KeyView using Filter SDK
 CVE-2016-4402
RESERVED
+   NOT-FOR-US: HPE KeyView using Filter SDK
 CVE-2016-4401
RESERVED
 CVE-2016-4400
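
Review bot: the advisory id HPSBGN03643 appears only in the log message, not in the three added "NOT-FOR-US: HPE KeyView using Filter SDK" lines, so the list itself does not record why these "RESERVED" ids were attributed to HPE. Add a "NOTE:" naming the bulletin under each entry, and check whether CVE-2016-4401 and CVE-2016-4400 directly below belong to the same bulletin.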




[Secure-testing-commits] r46033 - data/CVE

2016-11-06 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-07 07:18:18 + (Mon, 07 Nov 2016)
New Revision: 46033

Modified:
   data/CVE/list
Log:
CVE-2016-8858/openssh note

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 06:32:20 UTC (rev 46032)
+++ data/CVE/list   2016-11-07 07:18:18 UTC (rev 46033)
@@ -1235,6 +1235,7 @@
[jessie] - openssh  (Minor issue)
[wheezy] - openssh  (Minor issue)
NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127=text/x-cvsweb-markup
+   NOTE: Only thing the attacker could do here is self-dos own connection
 CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory 
(memory.c)]
RESERVED
- imagemagick 
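
Review bot: the added "NOTE: Only thing the attacker could do here is self-dos own connection" is an impact assessment with no source, placed under entries already triaged as "(Minor issue)" for jessie and wheezy. Say whose analysis this is (upstream statement, list post or own reading of kex.c) and link it, so the rating can be re-checked later.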




[Secure-testing-commits] r45923 - data/CVE

2016-11-03 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-03 10:47:01 + (Thu, 03 Nov 2016)
New Revision: 45923

Modified:
   data/CVE/list
Log:
CVE-2016-7035/pacemaker

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-03 10:18:00 UTC (rev 45922)
+++ data/CVE/list   2016-11-03 10:47:01 UTC (rev 45923)
@@ -6289,8 +6289,11 @@
RESERVED
 CVE-2016-7036
RESERVED
-CVE-2016-7035
+CVE-2016-7035 [improper IPC guarding]
RESERVED
+   - pacemaker 
+   NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/5
+   TODO: check
 CVE-2016-7034 (The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not 
properly ...)
NOT-FOR-US: JBoss BPMS
 CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the 
admin pages ...)
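
Review bot: the CVE-2016-7035 entry gains a package line and a "NOTE:" but also a "TODO: check" that does not say what is left to check, and the description "[improper IPC guarding]" does not name pacemaker. Replace the "TODO:" with the open question (affected versions, fix commit) or drop it, and prefix the description with the package name.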




[Secure-testing-commits] r45913 - data/CVE

2016-11-03 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-03 07:40:10 + (Thu, 03 Nov 2016)
New Revision: 45913

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-03 06:19:35 UTC (rev 45912)
+++ data/CVE/list   2016-11-03 07:40:10 UTC (rev 45913)
@@ -8220,6 +8220,7 @@
RESERVED
 CVE-2016-6447
RESERVED
+   NOT-FOR-US: Cisco Meeting Server and Meeting App
 CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could 
allow an ...)
TODO: check
 CVE-2016-6445 (A vulnerability in the Extensible Messaging and Presence 
Protocol ...)
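
Review bot: CVE-2016-6447 is marked "NOT-FOR-US: Cisco Meeting Server and Meeting App" while CVE-2016-6446 directly below, whose published description names Web Bridge for Cisco Meeting Server, is left at "TODO: check". Triage the neighbouring entry in the same pass so the block is handled consistently.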
@@ -8232,6 +8233,7 @@
TODO: check
 CVE-2016-6441
RESERVED
+   NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
 CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be 
vulnerable to ...)
TODO: check
 CVE-2016-6439 (A vulnerability in the detection engine reassembly of HTTP 
packets for ...)




[Secure-testing-commits] r45881 - data

2016-11-02 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-02 09:40:24 + (Wed, 02 Nov 2016)
New Revision: 45881

Modified:
   data/embedded-code-copies
Log:
sfftobmp embeds tiff tools code

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-11-02 09:32:23 UTC (rev 45880)
+++ data/embedded-code-copies   2016-11-02 09:40:24 UTC (rev 45881)
@@ -329,6 +329,7 @@
- ghostscript 8.71~dfsg-1 (embed)
- povray  (embed)
- insighttoolkit4  (embed)
+   - sfftobmp  (embed)
 
 uudeview
- libconvert-uulib-perl  (embed)
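
Review bot: the hunk does not show the section heading that the added sfftobmp line falls under, and the only statement of what is embedded is the log message ("sfftobmp embeds tiff tools code"). Add a "NOTE:" under the new line naming the embedded files or directory, so the claim can be verified against the sfftobmp source.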



