[Secure-testing-commits] r33584 - data/CVE
Author: fgeek-guest Date: 2015-04-15 03:29:08 + (Wed, 15 Apr 2015) New Revision: 33584 Modified: data/CVE/list Log: add todo Modified: data/CVE/list === --- data/CVE/list 2015-04-14 20:51:59 UTC (rev 33583) +++ data/CVE/list 2015-04-15 03:29:08 UTC (rev 33584) @@ -534,6 +534,8 @@ TODO: check (various libraries) CVE-2015-2810 RESERVED + TODO: check + NOTE: http://seclists.org/bugtraq/2015/Apr/89 CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...) NOT-FOR-US: Synology DiskStation Manager CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33580 - data/CVE
Author: fgeek-guest Date: 2015-04-14 19:03:26 + (Tue, 14 Apr 2015) New Revision: 33580 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-14 19:00:29 UTC (rev 33579) +++ data/CVE/list 2015-04-14 19:03:26 UTC (rev 33580) @@ -13,7 +13,7 @@ CVE-2015- [buffer overflow in ppp potentially allows DoS] - ppp 2.4.6-3.1 (bug #782450) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/13/4 -NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450 + NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450 CVE-2015- [net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability] - net-snmp unfixed NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/13/1 @@ -2433,6 +2433,7 @@ RESERVED CVE-2015-2114 RESERVED + NOT-FOR-US: HP Support Solution Framework CVE-2015-2113 RESERVED NOT-FOR-US: HP Thin Clients @@ -4790,7 +4791,7 @@ RESERVED [experimental] - apport unfixed NOTE: apport only in experimental, so we cannot track this in security-tracker -NOTE: add it, as we have a explicit (bug) reference for apport + NOTE: add it, as we have a explicit (bug) reference for apport CVE-2015-1317 RESERVED NOT-FOR-US: Oxide ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33548 - data/CVE
Author: fgeek-guest Date: 2015-04-13 05:57:06 + (Mon, 13 Apr 2015) New Revision: 33548 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-13 05:50:15 UTC (rev 33547) +++ data/CVE/list 2015-04-13 05:57:06 UTC (rev 33548) @@ -1141,11 +1141,11 @@ CVE-2015-2565 RESERVED CVE-2015-2564 (SQL injection vulnerability in client-edit.php in ProjectSend ...) - TODO: check + NOT-FOR-US: ProjectSend CVE-2015-2563 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID ...) - TODO: check + NOT-FOR-US: Vastal I-Tech phpVID CVE-2015-2562 (Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD ...) - TODO: check + NOT-FOR-US: Joomla component com_ecommercewd CVE-2015-2561 RESERVED CVE-2015-2560 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33547 - data/CVE
Author: fgeek-guest Date: 2015-04-13 05:50:15 + (Mon, 13 Apr 2015) New Revision: 33547 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-13 05:12:45 UTC (rev 33546) +++ data/CVE/list 2015-04-13 05:50:15 UTC (rev 33547) @@ -173,18 +173,18 @@ NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508 NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4 -NOTE: The following packages will be recompiled after the release of -NOTE: the DSA for wheezy: -NOTE: libxrender -NOTE: libxi -NOTE: libxfixes -NOTE: libxrandr -NOTE: libsdl1.2 -NOTE: libxv -NOTE: libxp -NOTE: xserver-xorg-video-vmware -NOTE: cairo -TODO: are the more? + NOTE: The following packages will be recompiled after the release of + NOTE: the DSA for wheezy: + NOTE: libxrender + NOTE: libxi + NOTE: libxfixes + NOTE: libxrandr + NOTE: libsdl1.2 + NOTE: libxv + NOTE: libxp + NOTE: xserver-xorg-video-vmware + NOTE: cairo + TODO: are the more? CVE-2015-3030 NOT-FOR-US: McAfee Advanced Threat Defense CVE-2015-3029 @@ -6319,9 +6319,9 @@ CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress ...) NOT-FOR-US: WordPress plugin all-in-one-seo-pack CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme ...) - TODO: check + NOT-FOR-US: WordPress duwasai flashy theme CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi ...) - TODO: check + NOT-FOR-US: Nishishi Factory CVE-2015-0899 [input validation bypass in MultiPageValidator] RESERVED - libstruts1.2-java unfixed ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33517 - data/CVE
Author: fgeek-guest Date: 2015-04-11 06:05:45 + (Sat, 11 Apr 2015) New Revision: 33517 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-11 06:03:05 UTC (rev 33516) +++ data/CVE/list 2015-04-11 06:05:45 UTC (rev 33517) @@ -12758,6 +12758,7 @@ NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch CVE-2014-8125 RESERVED + NOT-FOR-US: jBPM CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before ...) - horizon 2014.1.3-6 (bug #772710) [wheezy] - horizon no-dsa (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33429 - data/CVE
Author: fgeek-guest Date: 2015-04-08 13:28:33 + (Wed, 08 Apr 2015) New Revision: 33429 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-08 12:53:43 UTC (rev 33428) +++ data/CVE/list 2015-04-08 13:28:33 UTC (rev 33429) @@ -2200,8 +2200,10 @@ RESERVED CVE-2015-2113 RESERVED + NOT-FOR-US: HP Thin Clients CVE-2015-2112 RESERVED + NOT-FOR-US: HP Thin Clients CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through ...) NOT-FOR-US: HP Intelligent Provisioning CVE-2015-2110 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33443 - data/CVE
Author: fgeek-guest Date: 2015-04-09 03:34:25 + (Thu, 09 Apr 2015) New Revision: 33443 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-09 03:31:52 UTC (rev 33442) +++ data/CVE/list 2015-04-09 03:34:25 UTC (rev 33443) @@ -6648,10 +6648,13 @@ RESERVED CVE-2015-0677 RESERVED + NOT-FOR-US: Cisco ASA CVE-2015-0676 RESERVED + NOT-FOR-US: Cisco ASA CVE-2015-0675 RESERVED + NOT-FOR-US: Cisco ASA CVE-2015-0674 RESERVED CVE-2015-0673 (Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33444 - data/CVE
Author: fgeek-guest Date: 2015-04-09 03:35:28 + (Thu, 09 Apr 2015) New Revision: 33444 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-09 03:34:25 UTC (rev 33443) +++ data/CVE/list 2015-04-09 03:35:28 UTC (rev 33444) @@ -23,6 +23,7 @@ RESERVED CVE-2015-2926 RESERVED + NOT-FOR-US: phpTrafficA CVE-2014-9714 RESERVED CVE-2015- [fixes related to 8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33447 - data/CVE
Author: fgeek-guest Date: 2015-04-09 04:27:57 + (Thu, 09 Apr 2015) New Revision: 33447 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-09 04:27:16 UTC (rev 33446) +++ data/CVE/list 2015-04-09 04:27:57 UTC (rev 33447) @@ -6622,29 +6622,29 @@ CVE-2015-0691 RESERVED CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0689 RESERVED CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0686 (The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0685 (Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0684 (SQL injection vulnerability in the Image Management component in Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0683 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0682 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0681 RESERVED CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0679 (The web-authentication functionality on Cisco Wireless LAN Controller ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0678 RESERVED NOT-FOR-US: Cisco ASA @@ -6690,7 +6690,7 @@ CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...) NOT-FOR-US: Cisco CVE-2015-0658 (The DHCP implementation in the PowerOn Auto Provisioning (POAP) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0657 (Cisco IOS XR allows remote attackers to cause a denial of service ...) NOT-FOR-US: Cisco CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...) @@ -6714,7 +6714,7 @@ CVE-2015-0647 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to ...) NOT-FOR-US: Cisco CVE-2015-0646 (Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0645 (The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before ...) NOT-FOR-US: Cisco CVE-2015-0644 (AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before ...) @@ -9839,7 +9839,7 @@ CVE-2015-0180 RESERVED CVE-2015-0179 (Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 ...) - TODO: check + NOT-FOR-US: IBM Domino CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...) NOT-FOR-US: IBM Bluemix Liberty CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...) @@ -9929,7 +9929,7 @@ CVE-2015-0135 RESERVED CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...) NOT-FOR-US: IBM CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...) @@ -9959,11 +9959,11 @@ CVE-2015-0120 RESERVED CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager FastBack CVE-2015-0118 RESERVED CVE-2015-0117 (The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x ...) - TODO: check + NOT-FOR-US: IBM Domino CVE-2015-0116 RESERVED CVE-2015-0115 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33450 - data/CVE
Author: fgeek-guest Date: 2015-04-09 05:28:12 + (Thu, 09 Apr 2015) New Revision: 33450 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-09 04:41:10 UTC (rev 33449) +++ data/CVE/list 2015-04-09 05:28:12 UTC (rev 33450) @@ -19,6 +19,12 @@ NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/08/4 +CVE-2015-3030 + NOT-FOR-US: McAfee Advanced Threat Defense +CVE-2015-3029 + NOT-FOR-US: McAfee Advanced Threat Defense +CVE-2015-3028 + NOT-FOR-US: McAfee Advanced Threat Defense CVE-2015-2930 RESERVED CVE-2015-2926 @@ -4537,6 +4543,7 @@ RESERVED CVE-2015-1317 RESERVED + NOT-FOR-US: Oxide CVE-2015-1316 RESERVED CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in ...) @@ -6083,6 +6090,7 @@ RESERVED CVE-2015-0905 RESERVED + NOT-FOR-US: bBlog CVE-2015-0904 RESERVED CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33445 - data/CVE
Author: fgeek-guest Date: 2015-04-09 03:39:32 + (Thu, 09 Apr 2015) New Revision: 33445 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-09 03:35:28 UTC (rev 33444) +++ data/CVE/list 2015-04-09 03:39:32 UTC (rev 33445) @@ -6647,6 +6647,7 @@ TODO: check CVE-2015-0678 RESERVED + NOT-FOR-US: Cisco ASA CVE-2015-0677 RESERVED NOT-FOR-US: Cisco ASA ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33448 - data/CVE
Author: fgeek-guest
Date: 2015-04-09 04:32:22 + (Thu, 09 Apr 2015)
New Revision: 33448
Modified:
data/CVE/list
Log:
NFU
Modified: data/CVE/list
===
--- data/CVE/list 2015-04-09 04:27:57 UTC (rev 33447)
+++ data/CVE/list 2015-04-09 04:32:22 UTC (rev 33448)
@@ -193,13 +193,13 @@
CVE-2015-2842
RESERVED
CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows
remote ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler
CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in
help/rt/large_search.html ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler
CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses
an ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler
CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in
Citrix ...)
- TODO: check
+ NOT-FOR-US: Citrix NetScaler
CVE-2015-2929 [Dos against tor client; client to crash with an assertion
failure]
RESERVED
{DSA-3216-1 DLA-187-1}
@@ -276,10 +276,12 @@
RESERVED
CVE-2015-2826
RESERVED
+ NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2825
RESERVED
+ NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in
the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2823
RESERVED
CVE-2015-2822
@@ -357,7 +359,7 @@
CVE-2015-2794
RESERVED
CVE-2015-2792 (The WPML plugin before 3.1.9 for WordPress does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2791 (The quot;menu syncquot; function in the WPML plugin before
3.1.9 for WordPress ...)
NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1
allow ...)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33449 - /
Author: fgeek-guest Date: 2015-04-09 04:41:10 + (Thu, 09 Apr 2015) New Revision: 33449 Modified: TODO.gitmigration Log: Add a comment to Git migration todo Modified: TODO.gitmigration === --- TODO.gitmigration 2015-04-09 04:32:22 UTC (rev 33448) +++ TODO.gitmigration 2015-04-09 04:41:10 UTC (rev 33449) @@ -17,5 +17,7 @@ team-security.debian.org website - split CVE/list by year? +- fgeek: I do not think this is a good idea, because it makes it harder to + search and edit list file - move this file to git ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33442 - data/CVE
Author: fgeek-guest Date: 2015-04-09 03:31:52 + (Thu, 09 Apr 2015) New Revision: 33442 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-08 21:15:07 UTC (rev 33441) +++ data/CVE/list 2015-04-09 03:31:52 UTC (rev 33442) @@ -5153,70 +5153,103 @@ RESERVED CVE-2015-1117 RESERVED + NOT-FOR-US: iOS CVE-2015-1116 RESERVED + NOT-FOR-US: iOS CVE-2015-1115 RESERVED + NOT-FOR-US: iOS CVE-2015-1114 RESERVED + NOT-FOR-US: iOS CVE-2015-1113 RESERVED + NOT-FOR-US: iOS CVE-2015-1112 RESERVED + NOT-FOR-US: iOS CVE-2015- RESERVED + NOT-FOR-US: iOS CVE-2015-1110 RESERVED + NOT-FOR-US: iOS CVE-2015-1109 RESERVED + NOT-FOR-US: iOS CVE-2015-1108 RESERVED + NOT-FOR-US: iOS CVE-2015-1107 RESERVED + NOT-FOR-US: iOS CVE-2015-1106 RESERVED + NOT-FOR-US: iOS CVE-2015-1105 RESERVED + NOT-FOR-US: iOS CVE-2015-1104 RESERVED + NOT-FOR-US: iOS CVE-2015-1103 RESERVED + NOT-FOR-US: iOS CVE-2015-1102 RESERVED + NOT-FOR-US: iOS CVE-2015-1101 RESERVED + NOT-FOR-US: iOS CVE-2015-1100 RESERVED + NOT-FOR-US: iOS CVE-2015-1099 RESERVED + NOT-FOR-US: iOS CVE-2015-1098 RESERVED + NOT-FOR-US: iOS CVE-2015-1097 RESERVED + NOT-FOR-US: iOS CVE-2015-1096 RESERVED + NOT-FOR-US: iOS CVE-2015-1095 RESERVED + NOT-FOR-US: iOS CVE-2015-1094 RESERVED + NOT-FOR-US: iOS CVE-2015-1093 RESERVED + NOT-FOR-US: iOS CVE-2015-1092 RESERVED + NOT-FOR-US: iOS CVE-2015-1091 RESERVED + NOT-FOR-US: iOS CVE-2015-1090 RESERVED + NOT-FOR-US: iOS CVE-2015-1089 RESERVED + NOT-FOR-US: iOS CVE-2015-1088 RESERVED + NOT-FOR-US: iOS CVE-2015-1087 RESERVED + NOT-FOR-US: iOS CVE-2015-1086 RESERVED + NOT-FOR-US: iOS CVE-2015-1085 RESERVED + NOT-FOR-US: iOS CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, ...) NOT-FOR-US: Safari CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33384 - data/CVE
Author: fgeek-guest Date: 2015-04-05 06:40:40 + (Sun, 05 Apr 2015) New Revision: 33384 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-05 04:38:26 UTC (rev 33383) +++ data/CVE/list 2015-04-05 06:40:40 UTC (rev 33384) @@ -5388,8 +5388,10 @@ RESERVED CVE-2015-0951 RESERVED + NOT-FOR-US: X-Cart CVE-2015-0950 RESERVED + NOT-FOR-US: X-Cart CVE-2015-0949 RESERVED CVE-2015-0948 @@ -5426,6 +5428,7 @@ NOT-FOR-US: ShareLaTeX CVE-2015-0932 RESERVED + NOT-FOR-US: ANTlabs InnGate CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and ...) NOT-FOR-US: Ektron CMS CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with firmware ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33334 - data/CVE
Author: fgeek-guest Date: 2015-04-02 06:38:38 + (Thu, 02 Apr 2015) New Revision: 4 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-02 06:24:35 UTC (rev 3) +++ data/CVE/list 2015-04-02 06:38:38 UTC (rev 4) @@ -1820,6 +1820,7 @@ RESERVED CVE-2015-2111 RESERVED + NOT-FOR-US: HP Intelligent Provisioning CVE-2015-2110 RESERVED CVE-2015-2109 (Unspecified vulnerability in HP Operations Orchestration 10.x allows ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33324 - data/CVE
Author: fgeek-guest Date: 2015-04-01 17:32:41 + (Wed, 01 Apr 2015) New Revision: 33324 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-01 17:11:54 UTC (rev 33323) +++ data/CVE/list 2015-04-01 17:32:41 UTC (rev 33324) @@ -6228,6 +6228,7 @@ NOT-FOR-US: Cisco CVE-2015-0666 RESERVED + NOT-FOR-US: Cisco CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...) NOT-FOR-US: Cisco CVE-2015-0664 (The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) ...) @@ -6328,14 +6329,19 @@ NOT-FOR-US: Cisco CVE-2015-0616 RESERVED + NOT-FOR-US: Cisco CVE-2015-0615 RESERVED + NOT-FOR-US: Cisco CVE-2015-0614 RESERVED + NOT-FOR-US: Cisco CVE-2015-0613 RESERVED + NOT-FOR-US: Cisco CVE-2015-0612 RESERVED + NOT-FOR-US: Cisco CVE-2015-0611 (The administrative web-management portal in Cisco IX 8 (.0.1) and ...) NOT-FOR-US: Cisco TelePresence CVE-2015-0610 (Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33323 - data/CVE
Author: fgeek-guest Date: 2015-04-01 17:11:54 + (Wed, 01 Apr 2015) New Revision: 33323 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-04-01 15:30:57 UTC (rev 33322) +++ data/CVE/list 2015-04-01 17:11:54 UTC (rev 33323) @@ -7171,6 +7171,7 @@ RESERVED CVE-2015-0529 RESERVED + NOT-FOR-US: EMC PowerPath Virtual Appliance CVE-2015-0528 (The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, ...) NOT-FOR-US: EMC Isilon OneFS CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33226 - data/CVE
Author: fgeek-guest Date: 2015-03-29 06:54:53 + (Sun, 29 Mar 2015) New Revision: 33226 Modified: data/CVE/list Log: CVE-2014-9713/openldap Modified: data/CVE/list === --- data/CVE/list 2015-03-29 06:45:01 UTC (rev 33225) +++ data/CVE/list 2015-03-29 06:54:53 UTC (rev 33226) @@ -110,6 +110,8 @@ NOT-FOR-US: Websense CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...) TODO: check +CVE-2014-9713 [slapd: dangerous access rule in default config] + - openldap 2.4.40-2 (bug #761406) CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Websense CVE-2015-2700 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33227 - data/CVE
Author: fgeek-guest Date: 2015-03-29 06:58:27 + (Sun, 29 Mar 2015) New Revision: 33227 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-29 06:54:53 UTC (rev 33226) +++ data/CVE/list 2015-03-29 06:58:27 UTC (rev 33227) @@ -109,7 +109,7 @@ CVE-2015-2702 (Cross-site scripting (XSS) vulnerability in the Message Log in the ...) NOT-FOR-US: Websense CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...) - TODO: check + NOT-FOR-US: CS-Cart CVE-2014-9713 [slapd: dangerous access rule in default config] - openldap 2.4.40-2 (bug #761406) CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) @@ -4683,17 +4683,17 @@ CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...) NOT-FOR-US: Apple CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1064 (Springboard in Apple iOS before 8.2 allows physically proximate ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1063 (CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and ...) - TODO: check + NOT-FOR-US: Apple CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in ...) NOT-FOR-US: AdaptCMS CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33180 - data/CVE
Author: fgeek-guest
Date: 2015-03-27 06:00:33 + (Fri, 27 Mar 2015)
New Revision: 33180
Modified:
data/CVE/list
Log:
NFU, external check
Modified: data/CVE/list
===
--- data/CVE/list 2015-03-26 21:25:59 UTC (rev 33179)
+++ data/CVE/list 2015-03-27 06:00:33 UTC (rev 33180)
@@ -2257,6 +2257,7 @@
RESERVED
CVE-2015-1841
RESERVED
+ NOT-FOR-US: RHEV
CVE-2015-1840
RESERVED
CVE-2015-1839
@@ -8777,6 +8778,8 @@
NOT-FOR-US: Red Hat Satellite
CVE-2015-0283
RESERVED
+ TODO: check
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1195729
CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1
signature ...)
{DSA-3191-1 DLA-180-1}
- gnutls26 removed
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33191 - data/CVE
Author: fgeek-guest Date: 2015-03-27 15:32:52 + (Fri, 27 Mar 2015) New Revision: 33191 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-27 15:19:10 UTC (rev 33190) +++ data/CVE/list 2015-03-27 15:32:52 UTC (rev 33191) @@ -81,13 +81,13 @@ CVE-2015-2705 RESERVED CVE-2015-2703 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...) - TODO: check + NOT-FOR-US: Websense CVE-2015-2702 (Cross-site scripting (XSS) vulnerability in the Message Log in the ...) - TODO: check + NOT-FOR-US: Websense CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...) TODO: check CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Websense CVE-2015-2700 RESERVED CVE-2015-2699 @@ -9664,11 +9664,11 @@ CVE-2014-8926 RESERVED CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-8924 RESERVED CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-8922 RESERVED CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before ...) @@ -16628,7 +16628,7 @@ CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...) NOT-FOR-US: IBM CVE-2014-6134 (IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...) NOT-FOR-US: IBM API Management CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33190 - data/CVE
Author: fgeek-guest Date: 2015-03-27 15:19:10 + (Fri, 27 Mar 2015) New Revision: 33190 Modified: data/CVE/list Log: ocportal itp Modified: data/CVE/list === --- data/CVE/list 2015-03-27 15:14:55 UTC (rev 33189) +++ data/CVE/list 2015-03-27 15:19:10 UTC (rev 33190) @@ -147,7 +147,7 @@ CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix ...) TODO: check CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...) - TODO: check + - ocportal itp (bug #625865) CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 ...) NOT-FOR-US: Asus CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack] @@ -175690,7 +175690,7 @@ CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: SCT email client CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) - NOT-FOR-US: ocPortal + - ocportal itp (bug #625865) CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) NOT-FOR-US: Micronet Wireless Router CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33192 - data/CVE
Author: fgeek-guest Date: 2015-03-27 15:36:42 + (Fri, 27 Mar 2015) New Revision: 33192 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-27 15:32:52 UTC (rev 33191) +++ data/CVE/list 2015-03-27 15:36:42 UTC (rev 33192) @@ -7771,7 +7771,7 @@ CVE-2014-9262 RESERVED CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement ...) - TODO: check + NOT-FOR-US: Codoforum CVE-2014-9260 RESERVED CVE-2014-9259 @@ -7888,9 +7888,9 @@ CVE-2014-9208 RESERVED CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...) - TODO: check + NOT-FOR-US: CIMON CmnView CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...) - TODO: check + NOT-FOR-US: Schneider Electric Invensys CVE-2014-9205 RESERVED CVE-2014-9204 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33189 - data/CVE
Author: fgeek-guest Date: 2015-03-27 15:14:55 + (Fri, 27 Mar 2015) New Revision: 33189 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-27 13:01:05 UTC (rev 33188) +++ data/CVE/list 2015-03-27 15:14:55 UTC (rev 33189) @@ -5967,17 +5967,17 @@ CVE-2015-0674 RESERVED CVE-2015-0673 (Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0672 (The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0671 (The DNS implementation in Cisco Videoscape Distribution Suite for ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0670 (The default configuration of Cisco Small Business IP phones SPA 300 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0669 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0668 (Cross-site scripting (XSS) vulnerability in the administration portal ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500 ...) NOT-FOR-US: Cisco CVE-2015-0666 @@ -9109,11 +9109,11 @@ CVE-2015-0200 RESERVED CVE-2015-0199 (The mmfslinux kernel module in IBM General Parallel File System (GPFS) ...) - TODO: check + NOT-FOR-US: IBM General Parallel File System CVE-2015-0198 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...) - TODO: check + NOT-FOR-US: IBM General Parallel File System CVE-2015-0197 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...) - TODO: check + NOT-FOR-US: IBM General Parallel File System CVE-2015-0196 RESERVED CVE-2015-0195 @@ -9151,9 +9151,9 @@ CVE-2015-0179 RESERVED CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...) - TODO: check + NOT-FOR-US: IBM Bluemix Liberty CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2015-0176 RESERVED CVE-2015-0175 @@ -9191,7 +9191,7 @@ CVE-2015-0159 REJECTED CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...) - TODO: check + NOT-FOR-US: IBM Business Process Manager CVE-2015-0157 RESERVED CVE-2015-0156 @@ -9209,13 +9209,13 @@ CVE-2015-0150 RESERVED CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...) - TODO: check + NOT-FOR-US: IBM API Management CVE-2015-0148 RESERVED CVE-2015-0147 RESERVED CVE-2015-0146 (IBM Content Collector for Email 3.0 before ...) - TODO: check + NOT-FOR-US: IBM Content Collector CVE-2015-0145 RESERVED CVE-2015-0144 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33199 - data/CVE
Author: fgeek-guest Date: 2015-03-27 19:16:29 + (Fri, 27 Mar 2015) New Revision: 33199 Modified: data/CVE/list Log: remove empty line Modified: data/CVE/list === --- data/CVE/list 2015-03-27 19:09:21 UTC (rev 33198) +++ data/CVE/list 2015-03-27 19:16:29 UTC (rev 33199) @@ -2451,7 +2451,6 @@ - qemu-kvm not-affected (Websocket protocol support introduced in v1.4.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html NOTE: Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html - CVE-2015-1778 RESERVED NOT-FOR-US: OpenDaylight ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33168 - data/CVE
Author: fgeek-guest Date: 2015-03-26 15:50:17 + (Thu, 26 Mar 2015) New Revision: 33168 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-26 14:48:41 UTC (rev 33167) +++ data/CVE/list 2015-03-26 15:50:17 UTC (rev 33168) @@ -9135,41 +9135,41 @@ CVE-2015-0140 RESERVED CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2015-0138 (GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2015-0137 (IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 ...) - TODO: check + NOT-FOR-US: IBM PowerVC CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...) - TODO: check + NOT-FOR-US: IBM PowerVC CVE-2015-0135 RESERVED CVE-2015-0134 RESERVED CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-0131 RESERVED CVE-2015-0130 RESERVED CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) - TODO: check + NOT-FOR-US: IBM Rational Quality Manager CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) - TODO: check + NOT-FOR-US: IBM Rational Quality Manager CVE-2015-0127 RESERVED CVE-2015-0126 RESERVED CVE-2015-0125 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...) - TODO: check + NOT-FOR-US: IBM Rational DOORS Next Generation CVE-2015-0124 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) - TODO: check + NOT-FOR-US: IBM Rational Quality Manager CVE-2015-0123 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) - TODO: check + NOT-FOR-US: IBM Rational Team Concert CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) - TODO: check + NOT-FOR-US: IBM Rational Team Concert CVE-2015-0121 RESERVED CVE-2015-0120 @@ -9201,13 +9201,13 @@ CVE-2015-0107 RESERVED CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) - TODO: check + NOT-FOR-US: IBM Business Process Manager CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) - TODO: check + NOT-FOR-US: IBM Business Process Manager CVE-2015-0104 RESERVED CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...) - TODO: check + NOT-FOR-US: IBM Business Process Manager CVE-2015-0102 RESERVED CVE-2015-0101 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33128 - data/CVE
Author: fgeek-guest Date: 2015-03-25 06:22:44 + (Wed, 25 Mar 2015) New Revision: 33128 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 05:57:54 UTC (rev 33127) +++ data/CVE/list 2015-03-25 06:22:44 UTC (rev 33128) @@ -9150,7 +9150,7 @@ CVE-2015-0098 RESERVED CVE-2015-0097 (Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0096 (Untrusted search path vulnerability in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2015-0095 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) @@ -9172,11 +9172,11 @@ CVE-2015-0087 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...) NOT-FOR-US: Microsoft CVE-2015-0086 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0085 (Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0084 (The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0083 RESERVED CVE-2015-0082 @@ -9186,19 +9186,19 @@ CVE-2015-0080 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2015-0079 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0078 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0077 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2015-0076 (The photo-decoder implementation in Microsoft Windows Vista SP2, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0075 (The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...) NOT-FOR-US: Microsoft CVE-2015-0074 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...) NOT-FOR-US: Microsoft CVE-2015-0073 (The Windows Registry Virtualization feature in the kernel in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0071 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33131 - data/CVE
Author: fgeek-guest
Date: 2015-03-25 06:43:54 + (Wed, 25 Mar 2015)
New Revision: 33131
Modified:
data/CVE/list
Log:
NFU
Modified: data/CVE/list
===
--- data/CVE/list 2015-03-25 06:38:04 UTC (rev 33130)
+++ data/CVE/list 2015-03-25 06:43:54 UTC (rev 33131)
@@ -743,13 +743,13 @@
CVE-2015-2336
RESERVED
CVE-2015-2335 (A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4
allows ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-2334 (Cross-site request forgery (CSRF) vulnerability in the Admin
Control ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-2333 (Cross-site scripting (XSS) vulnerability in the MyCode editor
in MyBB ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-2332 (Cross-site scripting (XSS) vulnerability in member.php in MyBB
(aka ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2015-2559 [SA-CORE-2015-001: Access bypass]
RESERVED
{DSA-3200-1}
@@ -797,9 +797,9 @@
[squeeze] - python-django not-affected (vulnerable code not present)
NOTE:
https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97
(1.7.x)
CVE-2015-2315 (Cross-site scripting (XSS) vulnerability in the WPML plugin
before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin wpml
CVE-2015-2314 (SQL injection vulnerability in the WPML plugin before 3.1.9 for
...)
- TODO: check
+ NOT-FOR-US: WordPress plugin wpml
CVE-2012-6690
RESERVED
CVE-2015- [nasal scripts can ready any file]
@@ -876,9 +876,9 @@
CVE-2015-2294
RESERVED
CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
- TODO: check
+ NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2292 (Multiple SQL injection vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2291
RESERVED
CVE-2015-2290
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33129 - data/CVE
Author: fgeek-guest
Date: 2015-03-25 06:35:39 + (Wed, 25 Mar 2015)
New Revision: 33129
Modified:
data/CVE/list
Log:
NFU
Modified: data/CVE/list
===
--- data/CVE/list 2015-03-25 06:22:44 UTC (rev 33128)
+++ data/CVE/list 2015-03-25 06:35:39 UTC (rev 33129)
@@ -5,7 +5,7 @@
CVE-2015-2682
RESERVED
CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS
RT-G32 ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix
GeniXCMS ...)
TODO: check
CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS
before ...)
@@ -15,7 +15,7 @@
CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal
before ...)
TODO: check
CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the Asus
RT-G32 ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS
attack]
{DSA-3203-1 DLA-178-1}
- tor 0.2.5.11-1
@@ -668,11 +668,11 @@
CVE-2015-2352 (The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4
does not ...)
TODO: check
CVE-2015-2351 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon
OpenCms ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2015-2350 (Cross-site request forgery (CSRF) vulnerability in MikroTik
RouterOS ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in
defaultnewsletter.php in ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2014-9708
RESERVED
CVE-2014-9707
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33130 - data/CVE
Author: fgeek-guest Date: 2015-03-25 06:38:04 + (Wed, 25 Mar 2015) New Revision: 33130 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 06:35:39 UTC (rev 33129) +++ data/CVE/list 2015-03-25 06:38:04 UTC (rev 33130) @@ -12352,9 +12352,9 @@ CVE-2014-7886 RESERVED CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise ...) - TODO: check + NOT-FOR-US: HP ArcSight CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before ...) - TODO: check + NOT-FOR-US: HP ArcSight CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the ...) NOT-FOR-US: HP CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows ...) @@ -16302,7 +16302,7 @@ CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM CVE-2014-6214 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6213 RESERVED CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...) @@ -16443,7 +16443,7 @@ CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...) NOT-FOR-US: IBM CVE-2014-6144 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...) NOT-FOR-US: IBM CVE-2014-6142 @@ -16469,11 +16469,11 @@ CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...) NOT-FOR-US: IBM CVE-2014-6131 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...) NOT-FOR-US: IBM Notes Traveler application for Android CVE-2014-6129 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...) - TODO: check + NOT-FOR-US: IBM CVE-2014-6128 RESERVED CVE-2014-6127 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33142 - data/CVE
Author: fgeek-guest Date: 2015-03-25 17:27:33 + (Wed, 25 Mar 2015) New Revision: 33142 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 17:17:46 UTC (rev 33141) +++ data/CVE/list 2015-03-25 17:27:33 UTC (rev 33142) @@ -5885,8 +5885,10 @@ RESERVED CVE-2015-0645 RESERVED + NOT-FOR-US: Cisco CVE-2015-0644 RESERVED + NOT-FOR-US: Cisco CVE-2015-0643 RESERVED NOT-FOR-US: Cisco @@ -5895,10 +5897,13 @@ NOT-FOR-US: Cisco CVE-2015-0641 RESERVED + NOT-FOR-US: Cisco CVE-2015-0640 RESERVED + NOT-FOR-US: Cisco CVE-2015-0639 RESERVED + NOT-FOR-US: Cisco CVE-2015-0638 RESERVED NOT-FOR-US: Cisco ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33139 - data/CVE
Author: fgeek-guest Date: 2015-03-25 17:14:10 + (Wed, 25 Mar 2015) New Revision: 33139 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 16:55:52 UTC (rev 33138) +++ data/CVE/list 2015-03-25 17:14:10 UTC (rev 33139) @@ -5870,12 +5870,16 @@ NOT-FOR-US: Cisco CVE-2015-0650 RESERVED + NOT-FOR-US: Cisco CVE-2015-0649 RESERVED + NOT-FOR-US: Cisco CVE-2015-0648 RESERVED + NOT-FOR-US: Cisco CVE-2015-0647 RESERVED + NOT-FOR-US: Cisco CVE-2015-0646 RESERVED CVE-2015-0645 @@ -5884,8 +5888,10 @@ RESERVED CVE-2015-0643 RESERVED + NOT-FOR-US: Cisco CVE-2015-0642 RESERVED + NOT-FOR-US: Cisco CVE-2015-0641 RESERVED CVE-2015-0640 @@ -5894,6 +5900,7 @@ RESERVED CVE-2015-0638 RESERVED + NOT-FOR-US: Cisco CVE-2015-0637 RESERVED CVE-2015-0636 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33140 - data/CVE
Author: fgeek-guest Date: 2015-03-25 17:15:24 + (Wed, 25 Mar 2015) New Revision: 33140 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 17:14:10 UTC (rev 33139) +++ data/CVE/list 2015-03-25 17:15:24 UTC (rev 33140) @@ -5903,10 +5903,13 @@ NOT-FOR-US: Cisco CVE-2015-0637 RESERVED + NOT-FOR-US: Cisco CVE-2015-0636 RESERVED + NOT-FOR-US: Cisco CVE-2015-0635 RESERVED + NOT-FOR-US: Cisco CVE-2015-0634 RESERVED CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33144 - data/CVE
Author: fgeek-guest Date: 2015-03-25 18:43:24 + (Wed, 25 Mar 2015) New Revision: 33144 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-25 18:41:42 UTC (rev 33143) +++ data/CVE/list 2015-03-25 18:43:24 UTC (rev 33144) @@ -6800,6 +6800,7 @@ RESERVED CVE-2015-0528 RESERVED + NOT-FOR-US: EMC Isilon OneFS CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...) NOT-FOR-US: EMC CVE-2015-0526 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33119 - data/CVE
Author: fgeek-guest Date: 2015-03-24 18:20:07 + (Tue, 24 Mar 2015) New Revision: 33119 Modified: data/CVE/list Log: CVE-2015-2689/tor Modified: data/CVE/list === --- data/CVE/list 2015-03-24 18:07:26 UTC (rev 33118) +++ data/CVE/list 2015-03-24 18:20:07 UTC (rev 33119) @@ -1,3 +1,10 @@ +CVE-2015-2688 +CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack] + - tor 0.2.5.11-1 + [wheezy] - tor 0.2.4.26-1 + [squeeze] - tor 0.2.4.26-1~deb6u1 + NOTE: added workaround, add to data/D[L|S]A/list + NOTE: https://bugs.torproject.org/14129 CVE-2015-2687 [information leak when live-migration failed] - nova unfixed NOTE: https://bugs.launchpad.net/nova/+bug/1419577 @@ -660,13 +667,6 @@ - qemu-kvm removed NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/24/4 -CVE-2015- [Assertion failure in dns.c, possibly connected to UDP DoS attack] - - tor 0.2.5.11-1 - [wheezy] - tor 0.2.4.26-1 - [squeeze] - tor 0.2.4.26-1~deb6u1 - NOTE: added workaround, add to data/D[L|S]A/list - NOTE: https://bugs.torproject.org/14129 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/24/7 CVE-2015- [relay could crash with an assertion] - tor 0.2.5.11-1 [wheezy] - tor 0.2.4.26-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33120 - data/CVE
Author: fgeek-guest Date: 2015-03-24 18:21:49 + (Tue, 24 Mar 2015) New Revision: 33120 Modified: data/CVE/list Log: CVE-2015-2688/tor Modified: data/CVE/list === --- data/CVE/list 2015-03-24 18:20:07 UTC (rev 33119) +++ data/CVE/list 2015-03-24 18:21:49 UTC (rev 33120) @@ -1,10 +1,15 @@ -CVE-2015-2688 CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack] - tor 0.2.5.11-1 [wheezy] - tor 0.2.4.26-1 [squeeze] - tor 0.2.4.26-1~deb6u1 NOTE: added workaround, add to data/D[L|S]A/list NOTE: https://bugs.torproject.org/14129 +CVE-2015-2688 [relay could crash with an assertion] + - tor 0.2.5.11-1 + [wheezy] - tor 0.2.4.26-1 + [squeeze] - tor 0.2.4.26-1~deb6u1 + NOTE: added workaround, add to data/D[L|S]A/list + NOTE: https://trac.torproject.org/projects/tor/ticket/15083 CVE-2015-2687 [information leak when live-migration failed] - nova unfixed NOTE: https://bugs.launchpad.net/nova/+bug/1419577 @@ -667,13 +672,6 @@ - qemu-kvm removed NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/24/4 -CVE-2015- [relay could crash with an assertion] - - tor 0.2.5.11-1 - [wheezy] - tor 0.2.4.26-1 - [squeeze] - tor 0.2.4.26-1~deb6u1 - NOTE: added workaround, add to data/D[L|S]A/list - NOTE: https://trac.torproject.org/projects/tor/ticket/15083 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/23/17 CVE-2015-2686 [sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer] - linux not-affected (Introduced in 3.19, never uploaded to unstable) - linux-2.6 not-affected (Introduced in 3.19, never uploaded to unstable) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r33083 - data/CVE
Author: fgeek-guest Date: 2015-03-23 17:29:36 + (Mon, 23 Mar 2015) New Revision: 33083 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-23 15:51:06 UTC (rev 33082) +++ data/CVE/list 2015-03-23 17:29:36 UTC (rev 33083) @@ -6050,6 +6050,7 @@ RESERVED CVE-2015-0527 RESERVED + NOT-FOR-US: EMC CVE-2015-0526 RESERVED CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Python-modules-team] Fuzzing enzyme
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I found several issues while fuzzing enzyme. I am planning to report these issues to Github upstream project. Do you want to get notified about created issues and do you want me to create Debian BTS items about these cases also? Most of these are probably not security related as it is userland cli tool crash and not e.g. CWE-400 https://scapsync.com/cwe/CWE-400 type of denial of service issue. Used tools: http://lcamtuf.coredump.cx/afl/ https://bitbucket.org/jwilk/python-afl In case you need more information or you want me to fuzz other Python tools please reply, thanks! - -- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVBAc9AAoJECet96ROqnV0woYP/AroE6j4cGJR8qESVcRoCu/S t8f4vcSBy20b4dmIRZ45za2ID/sBFKIFqL/vjYO3aHDnbDOOgxXnMPOrmZaxSzfT KH9fUiX49mdkvsDa6O7bRHt1pSKCuf68jl0aw5LS51TNOtm5XLblg5E4MluH9zWP d0RY1tQtJ8JS0BGe94ZxQx+IK7mf89HxR1NUxb86UhjctVWInah4PFHkKFSpdGpq vdg5UgoY0PFqRK+atTUZKqGrEjMBSlSmItsQQt65B8gFP5CKRWzVDiGqMNSDuYwb OmCSU/QuaKmhqP7QmUJX20EbKips6qNJqZ3Dh1GdI4X0umyO2o5+cNSAcraZPtUI jqS53pOtHnasemXYBr93YvwsYQ2yUBK3GapjOKVHjtVbrm+luqQwGvLTOHXYuw0J xwcvgNsDd3qK0DR2Ruu/BDsrXL1K3Cd2OJYhAPl9pvB52on2E5LMSu2Q6R3IK715 YNXlgwlYtLcnNe8XjJgBgr+I5xbh5VULWNmV2J3q/3Hzw37egowL3QhyffZJ1i+e Y9MExH0yFvJStN3Dua+s7Po4gYgX3mXYciUlUaC3FMJ79mAeajCJG5beCwtN3sl0 AzkL9T6HY+jAC7UH11dv5lOMk7rboQ4npgMsbBEPH7uR1V/DmudHoVVefY4MaUab iL6JEVGi6Wd4xOtSiQsS =Q1AO -END PGP SIGNATURE- ___ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
[Secure-testing-commits] r32864 - data/CVE
Author: fgeek-guest Date: 2015-03-14 08:04:32 + (Sat, 14 Mar 2015) New Revision: 32864 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-14 06:12:24 UTC (rev 32863) +++ data/CVE/list 2015-03-14 08:04:32 UTC (rev 32864) @@ -1,3 +1,5 @@ +CVE-2015-2289 + NOT-FOR-US: Serendipity CVE-2015-2287 RESERVED CVE-2015-2286 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32796 - data/CVE
Author: fgeek-guest Date: 2015-03-11 16:06:26 + (Wed, 11 Mar 2015) New Revision: 32796 Modified: data/CVE/list Log: syntax fix Modified: data/CVE/list === --- data/CVE/list 2015-03-11 15:04:41 UTC (rev 32795) +++ data/CVE/list 2015-03-11 16:06:26 UTC (rev 32796) @@ -158,9 +158,9 @@ CVE-2015-2211 RESERVED CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...) -- chromium-browser 41.0.2272.76-1 -[wheezy] - chromium-browser end-of-life -[squeeze] - chromium-browser end-of-life + - chromium-browser 41.0.2272.76-1 + [wheezy] - chromium-browser end-of-life + [squeeze] - chromium-browser end-of-life CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...) @@ -2896,9 +2896,9 @@ CVE-2015-1233 RESERVED CVE-2015-1232 (Array index error in the MidiManagerUsb::DispatchSendMidiData function ...) -- chromium-browser 41.0.2272.76-1 -[wheezy] - chromium-browser end-of-life -[squeeze] - chromium-browser end-of-life + - chromium-browser 41.0.2272.76-1 + [wheezy] - chromium-browser end-of-life + [squeeze] - chromium-browser end-of-life CVE-2015-1231 (Multiple unspecified vulnerabilities in Google Chrome before ...) - chromium-browser 41.0.2272.76-1 [wheezy] - chromium-browser end-of-life ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32825 - data/CVE
Author: fgeek-guest Date: 2015-03-12 18:20:29 + (Thu, 12 Mar 2015) New Revision: 32825 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-12 18:15:11 UTC (rev 32824) +++ data/CVE/list 2015-03-12 18:20:29 UTC (rev 32825) @@ -4727,10 +4727,13 @@ NOT-FOR-US: Cisco Unified Web CVE-2015-0654 RESERVED + NOT-FOR-US: Cisco CVE-2015-0653 RESERVED + NOT-FOR-US: Cisco CVE-2015-0652 RESERVED + NOT-FOR-US: Cisco CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in ...) NOT-FOR-US: Cisco CVE-2015-0650 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32730 - data/CVE
Author: fgeek-guest Date: 2015-03-10 09:42:19 + (Tue, 10 Mar 2015) New Revision: 32730 Modified: data/CVE/list Log: CVE-2015-1609/mongodb fixed Modified: data/CVE/list === --- data/CVE/list 2015-03-10 09:33:09 UTC (rev 32729) +++ data/CVE/list 2015-03-10 09:42:19 UTC (rev 32730) @@ -1408,7 +1408,7 @@ RESERVED CVE-2015-1609 RESERVED - - mongodb unfixed (bug #780129) + - mongodb 1:2.4.10-5 (bug #780129) NOTE: https://jira.mongodb.org/browse/SERVER-17264 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...) NOT-FOR-US: Topline Opportunity Form ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#762289: switching PTS links to tracker.d.o
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Mar 10, 2015 at 05:14:31PM +0100, Holger Levsen wrote: unless someone objects profoundly I'll switch the links from the security- tracker to to tracker.debian.org instead of pointing to the old PTS in the coming days. Am I allowed to approve this change profoundly? - -- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU/ybkAAoJECet96ROqnV0HHQP/3IhaFze9gfiK2fTKFlCF6Uu H8S0/kTLTvVUs9TsCbbCrYFIjh1yvwedD10VPts6VSxvTgrUgtcvZoYV7hyA37hS Cb6yP5pawPKymx3QHAOZ/XsH6bkHrhskOHS8HwIp0I4waG/9WrgQb+CRIUuLB5N8 oqOIrLzMTbXwNXvh6ugFTU0/8qgBcgliEfA4uLJnNdKPjoZ/MGwxn4SAsQ3iAIE6 8qUkW0/AuQDtSie8nd7VQQdqwu1c/uhSiSWTnVCXbu6+YjfPnARciIpbB1vOLqza BOgT3EujULeM7MXD9/ulXipzqybZHVbclGoycLTTNH0kIoDMuShF4Ag+nGiRuO2B CZ0RSodiYg6/yKkNiVsUSSHP29+TiM8SIQWXWrovS+1QtuhLe0c17Jp4IJF+LHSq z68ZzrJZD8FYgSJyIR/AMGa8iYAT2rfzM4Tv3EjVdtLDHuOjMBfCANxnH+pxeI+7 ebAswR0LckAkewAWGvTrScYqVNhB6VXUFfn/1tdazRtcov5oTLezSMyQfIjZkiPN nC2ZG7xJew5m/ja+cjPUjbWWGY/pyr+45bPZOk5+/pEsyJbzudkD1sf6EaOzFKyr BaJZVE3M/Sm89dY31L2lJ1jeAbeAZfBnR+c5w7ard7UmHCFPXtMzPpBa+XA/N6Ti rNr1/sxAQmmnAmWzgSur =gvb7 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780129: mongodb: CVE-2015-1609: BSON Handling Remote Denial of Service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: mongodb Version: 1:2.4.10-4 Severity: important Tags: security, fixed-upstream, upstream Please see for more details: https://jira.mongodb.org/browse/SERVER-17264 - -- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU/bQzAAoJECet96ROqnV0PuMQAMqLAT2o3dqYqV+WVqsDuQsw oGZpqrqEjMHjZbo0vpd8fXR1YMWrp1YhVs0OsUmPUdsGggCyqNFKTH3zcie1yx5z J8ybBiUU0KuNSeEV5jpVfhXM88Db22GWsx+kvmscYfXN/WcD27MIyfbiDAiG2WWY cqpX3gcPLlis3VLkFDoBbS0mwvYDDldwtos3DLw0c2Ym+Dq4DYqnTLov97l1uqrW qyq06EPXeOcTztw0yM0rnWgP6Fo/S6nAEuSXKjIziT7CAQGHn6ocv17PyzD+6bEx vL9uFfxVyIgbOOIVb3PKkrt+P6bLfH9ttlkVuHcdtL9PFMiBrPT6gfuUBR7hkcd9 hK5EyqD1gjEZ6nVotw9OMnZfFEnlo+PB3d05cCHG2qyIF7bhSKkolKH/dCweHpja 57/xn1I6bYcMRR1mKIQ0DbyvwfXIgop3zMT4TAMqnqXDKLKbjWgtNMPVtsE7TKow L2F4hYoFWhGzOJQcLX/sdqELInt9Go9vNQGtoGDGJ8EzPQdXOM9DsLDTKEIhmW1f BwxuzxvzAI8QiRQsPmPPMBStbTeBnLNKU+5VWCvvg5d1PUmzMev6y1oOjYg7fUNr hx/KhIjLD/lf2vBr/UQ/PvtkFL3Sw7l7jaYxR7ZN4+VsvrYxqL3m6mn/GLxR3Izh 1G+GvTGZNfvN0u3YimrR =uj/l -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Secure-testing-commits] r32705 - data/CVE
Author: fgeek-guest Date: 2015-03-09 14:50:27 + (Mon, 09 Mar 2015) New Revision: 32705 Modified: data/CVE/list Log: CVE-2015-1609/mongodb Modified: data/CVE/list === --- data/CVE/list 2015-03-09 14:43:59 UTC (rev 32704) +++ data/CVE/list 2015-03-09 14:50:27 UTC (rev 32705) @@ -1342,6 +1342,8 @@ RESERVED CVE-2015-1609 RESERVED + - mongodb unfixed + NOTE: https://jira.mongodb.org/browse/SERVER-17264 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...) NOT-FOR-US: Topline Opportunity Form CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32706 - data/CVE
Author: fgeek-guest Date: 2015-03-09 15:00:21 + (Mon, 09 Mar 2015) New Revision: 32706 Modified: data/CVE/list Log: CVE-2015-1609/mongodb BTS Modified: data/CVE/list === --- data/CVE/list 2015-03-09 14:50:27 UTC (rev 32705) +++ data/CVE/list 2015-03-09 15:00:21 UTC (rev 32706) @@ -1342,7 +1342,7 @@ RESERVED CVE-2015-1609 RESERVED - - mongodb unfixed + - mongodb unfixed (bug #780129) NOTE: https://jira.mongodb.org/browse/SERVER-17264 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...) NOT-FOR-US: Topline Opportunity Form ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32645 - data/CVE
Author: fgeek-guest Date: 2015-03-05 07:05:08 + (Thu, 05 Mar 2015) New Revision: 32645 Modified: data/CVE/list Log: CVE-2015-1777/rhn-client-tools BTS Modified: data/CVE/list === --- data/CVE/list 2015-03-05 07:01:13 UTC (rev 32644) +++ data/CVE/list 2015-03-05 07:05:08 UTC (rev 32645) @@ -964,7 +964,7 @@ RESERVED CVE-2015-1777 RESERVED - - rhn-client-tools unfixed + - rhn-client-tools unfixed (bug #779817) CVE-2015-1776 RESERVED CVE-2015-1775 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#779699: poppler: segmentation fault in XRef::getEntry at XRef.cc:1317
Package: poppler
Version: 0.18.4-6
Severity: important
Tags: security
Following attached sample file crashes poppler library as demonstrated with
pdfinfo utility and also tested with xpdf version 3.03. Sample file is fuzzed
with AFL http://lcamtuf.coredump.cx/afl/.
47c3a99686e97e882db1f873a6b70bc12bb58ec9 afl-poppler-sample-001.pdf
Starting program: pdfinfo afl-poppler-sample-001.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (892): Dictionary key must be a name object
Error (900): Dictionary key must be a name object
Error (958): Illegal character ')'
Error: Unterminated string
Error: End of file inside array
Error: End of file inside dictionary
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (892): Dictionary key must be a name object
Error (900): Dictionary key must be a name object
Error (958): Illegal character ')'
Error: Unterminated string
Error: End of file inside array
Error: End of file inside dictionary
Program received signal SIGSEGV, Segmentation fault.
0x005fa1f0 in XRef::getEntry (this=this@entry=0xa699d0, i=optimized
out) at XRef.cc:1317
1317errCode = errDamaged;
(gdb) bt
#0 0x005fa1f0 in XRef::getEntry (this=this@entry=0xa699d0,
i=optimized out) at XRef.cc:1317
#1 0x005fccd0 in XRef::fetch (this=0xa699d0, num=1, gen=0,
obj=0x7fffe680, fetchOriginatorNums=0x0) at XRef.cc:982
#2 0x0040b035 in getCatalog (obj=0x7fffe680, this=optimized out)
at XRef.h:101
#3 Catalog::Catalog (this=0xa69d30, xrefA=optimized out) at Catalog.cc:88
#4 0x0059ec69 in PDFDoc::setup (this=this@entry=0xa69590,
ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at
PDFDoc.cc:260
#5 0x0059f39d in PDFDoc::PDFDoc (this=0xa69590, fileNameA=optimized
out, ownerPassword=0x0, userPassword=0x0, guiDataA=optimized out) at
PDFDoc.cc:154
#6 0x007e99b5 in LocalPDFDocBuilder::buildPDFDoc (this=optimized
out, uri=..., ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at
LocalPDFDocBuilder.cc:31
#7 0x00404102 in main (argc=2, argv=0x7fffeaf8) at pdfinfo.cc:172
#8 0x762deead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out,
stack_end=0x7fffeae8) at libc-start.c:244
#9 0x00405cd5 in _start ()
(gdb) list
1312 }
1313}
1314if (followed) {
1315 error(-1, Circular XRef);
1316 if (!(ok = constructXRef(NULL))) {
1317errCode = errDamaged;
1318 }
1319 break;
1320}
1321
--
Henri Salo
afl-poppler-sample-001.pdf
Description: Adobe PDF document
signature.asc
Description: Digital signature
Bug#779697: metacam: SIGBUS, Bus error at dataifdentry.cc
Package: metacam
Version: 1.2-6
Severity: important
Tags: security
metacam crashes when using following example input file fuzzed with AFL
http://lcamtuf.coredump.cx/afl/.
08cc3e8a67812d32d51c5aff70a10a77e4b73644
/home/fgeek/security/afl-samples/metacam/afl-metacam-sample-003.jpg
Starting program: metacam afl-metacam-sample-003.jpg
File: afl-metacam-sample-003.jpg
WARNING: Unknown field type 58624
WARNING: Unknown field type 0
WARNING: Unknown field type 8241
WARNING: Unknown field type 9361
Standard Fields ---
Program received signal SIGBUS, Bus error.
_DataIFDEntry::getSTRING (this=0x663380) at dataifdentry.cc:121
121 tmpbuf[value_count] = 0;
(gdb) bt
#0 _DataIFDEntry::getSTRING (this=0x663380) at dataifdentry.cc:121
#1 0x00417b68 in getSTRING (this=optimized out) at metatiff.h:411
#2 dpyString (ctx=..., name=0x45870c Model, e=...) at dpyfuncs.cc:46
#3 0x0040ebe3 in displayTags (driver=driver@entry=0x661010,
header=header@entry=0x4581e5 Standard Fields, tag_map=..., known=optimized
out, verbose=0) at metacam.cc:86
#4 0x004060bc in processFile (is=..., fname=optimized out,
driver=0x661010) at metacam.cc:255
#5 main (argc=optimized out, argv=optimized out) at metacam.cc:359
#6 0x772d1ead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out,
stack_end=0x7fffe4a8) at libc-start.c:244
#7 0x0040c271 in _start ()
(gdb) list
116 vectorstring v;
117 if (getRawType() != tASCII) {return v;}
118 char tmpbuf[1024];
119 source.seek(offset);
120 source.getData((unsigned char *)tmpbuf, value_count);
121 tmpbuf[value_count] = 0;
122 v.push_back(string(tmpbuf));
123 return v;
124 }
125
--
Henri Salo
signature.asc
Description: Digital signature
Bug#779696: metacam: segmentation fault at getRATIONAL dpyfuncs.cc:938
Package: metacam Version: 1.2-6 Severity: important Tags: security metacam crashes when using following example input file fuzzed with AFL http://lcamtuf.coredump.cx/afl/. 727e57e1d8f6a88bdefee47198ff8ab94fe2e1dc afl-metacam-sample-002.jpg Starting program: metacam afl-metacam-sample-002.jpg File: afl-metacam-sample-002.jpg Standard Fields --- Make: EASTMAN KODAK COMPANY Model: KODAK CX4200 DIGITAL CAMERA Software Version: Ver�on 1.0100 X Resolution: 230 Pixels/Inch Y Resolution: 230 Pixels/Inch Bits Per Sample: (1) YCbCr Positioning: Datum Point WARNING: Unknown field type 65535 WARNING: Unknown field type 65535 WARNING: Unknown field type 37 WARNING: Unknown field type 136 WARNING: Unknown field type 144 WARNING: Unknown field type 12432 WARNING: Unknown field type 5264 WARNING: Unknown field type 10385 WARNING: Unknown field type 145 WARNING: Unknown field type 19602 WARNING: Unknown field type 21650 WARNING: Unknown field type 23698 WARNING: Unknown field type 25746 WARNING: Unknown field type 27794 WARNING: Unknown field type 146 WARNING: Unknown field type 146 WARNING: Unknown field type 29842 WARNING: Unknown field type 25 EXIF Fields --- Exposure Time: 35882743/38096943 Sec. Aperture: f59.3514 Exif Image Width: 1705168 pixels Exif Image Height: 1632 pixels Exposure Mode: Auto Exposure White Balance: Auto White Balance Sensing Method: Single Chip Color Area Sensor ColorSpace: sRGB Program received signal SIGSEGV, Segmentation fault. getRATIONAL (this=optimized out) at dpyfuncs.cc:938 938 } (gdb) bt #0 getRATIONAL (this=optimized out) at dpyfuncs.cc:938 #1 dpyRationalAsDouble (ctx=..., name=optimized out, e=..., units=0x0) at dpyfuncs.cc:346 #2 0x0040ebe3 in displayTags (driver=driver@entry=0x661010, header=header@entry=0x45820d EXIF Fields, tag_map=..., known=optimized out, verbose=0) at metacam.cc:86 #3 0x0040742f in processFile (is=..., fname=optimized out, driver=0x661010) at metacam.cc:296 #4 main (argc=optimized out, argv=optimized out) at metacam.cc:359 #5 0x772d1ead in __libc_start_main (main=optimized out, argc=optimized out, ubp_av=optimized out, init=optimized out, fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffe4b8) at libc-start.c:244 #6 0x0040c271 in _start () (gdb) list 933 17 42 33 43 06 - ?? only on D ?? 934 00 00 00 00 00 02 02 - ?? don't know ?? constant 935 936 */ 937 938 } -- Henri Salo signature.asc Description: Digital signature
Bug#779695: metacam: segmentation fault in tiffRATIONAL::normalize at rationals.cc:40
Package: metacam
Version: 1.2-6
Severity: important
Tags: security
metacam crashes when using following example input file fuzzed with AFL
http://lcamtuf.coredump.cx/afl/.
5d4c287cf40b73d2a5aac8b4a7367564ce823937 afl-metacam-sample-001.jpg
Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
Standard Fields ---
Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40 if ((num == 0) || (den == 0)) return *this;
(gdb) bt
#0 tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1 0x00421bf7 in dpyResolution (ctx=..., name=0x4584f7 X Resolution,
e=...) at dpyfuncs.cc:194
#2 0x0040ebe3 in displayTags (driver=driver@entry=0x661010,
header=header@entry=0x4581e5 Standard Fields, tag_map=..., known=optimized
out,
verbose=0) at metacam.cc:86
#3 0x004060bc in processFile (is=..., fname=optimized out,
driver=0x661010) at metacam.cc:255
#4 main (argc=optimized out, argv=optimized out) at metacam.cc:359
#5 0x772d1ead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffe4e8)
at libc-start.c:244
#6 0x0040c271 in _start ()
(gdb) list
35
36
37 tiffRATIONAL
38 tiffRATIONAL::normalize() const
39 {
40 if ((num == 0) || (den == 0)) return *this;
41 unsigned long d = Euclid(num, den);
42 return tiffRATIONAL(num/d, den/d);
43 }
44
--
Henri Salo
signature.asc
Description: Digital signature
metacam issues
Hi,
I found lots of issues from metacam package in Debian while fuzzing with AFL
http://lcamtuf.coredump.cx/afl/.
Popularity of this package is pretty low currently:
https://qa.debian.org/popcon.php?package=metacam
Do you want me to report these issues to Debian bug tracking system? I was
unable to find upstream issue tracker for this package and our Git URL seems to
be broken according to http://duck.debian.net/static/sp/m/metacam.html
Some of these issues probably has security impact on systems executing malicious
files with cli program. Please note that the cli program might be dependency in
web-application etc.
Do we really want to have several packages in Debian, which list and/or edit
EXIF data for JPEG files?
I have attached one of the sample files to this email.
5d4c287cf40b73d2a5aac8b4a7367564ce823937 afl-metacam-sample-001.jpg
Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
Standard Fields ---
Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40 if ((num == 0) || (den == 0)) return *this;
(gdb) bt
#0 tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1 0x00421bf7 in dpyResolution (ctx=..., name=0x4584f7 X Resolution,
e=...) at dpyfuncs.cc:194
#2 0x0040ebe3 in displayTags (driver=driver@entry=0x661010,
header=header@entry=0x4581e5 Standard Fields, tag_map=..., known=optimized
out,
verbose=0) at metacam.cc:86
#3 0x004060bc in processFile (is=..., fname=optimized out,
driver=0x661010) at metacam.cc:255
#4 main (argc=optimized out, argv=optimized out) at metacam.cc:359
#5 0x772d1ead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffe4e8)
at libc-start.c:244
#6 0x0040c271 in _start ()
(gdb) list
35
36
37 tiffRATIONAL
38 tiffRATIONAL::normalize() const
39 {
40 if ((num == 0) || (den == 0)) return *this;
41 unsigned long d = Euclid(num, den);
42 return tiffRATIONAL(num/d, den/d);
43 }
44
--
Henri Salo
signature.asc
Description: Digital signature
___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
[Secure-testing-commits] r32575 - data/CVE
Author: fgeek-guest Date: 2015-03-02 09:43:54 + (Mon, 02 Mar 2015) New Revision: 32575 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-02 07:14:33 UTC (rev 32574) +++ data/CVE/list 2015-03-02 09:43:54 UTC (rev 32575) @@ -2482,6 +2482,7 @@ RESERVED CVE-2015-1187 RESERVED + NOT-FOR-US: D-Link CVE-2015-1186 RESERVED CVE-2015-1185 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#779527: sample file
File attached. -- Henri Salo
[Secure-testing-commits] r32577 - data/CVE
Author: fgeek-guest Date: 2015-03-02 16:28:42 + (Mon, 02 Mar 2015) New Revision: 32577 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-03-02 11:51:58 UTC (rev 32576) +++ data/CVE/list 2015-03-02 16:28:42 UTC (rev 32577) @@ -1182,6 +1182,7 @@ RESERVED CVE-2015-1583 RESERVED + NOT-FOR-US: ATutor CVE-2015-1582 (Multiple cross-site scripting (XSS) vulnerabilities in the Spider ...) NOT-FOR-US: Spider Facebook plugin for WordPress CVE-2015-1581 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#779527: sample file
File attached. -- Henri Salo ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#779525: exifprobe: double free or corruption
0x77802165 in *__GI_raise (sig=optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = optimized out
selftid = optimized out
#1 0x778053e0 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x7fffdf18, sa_sigaction
= 0x7fffdf18}, sa_mask = {__val = {140737488346880, 140737488350391, 44,
140737346920731, 3, 140737488346890, 6, 140737346920735, 2, 140737488346878, 2,
140737346911721, 1, 140737346920731, 3, 140737488346884}}, sa_flags = 12,
sa_restorer = 0x7791e11f}
sigs = {__val = {32, 0 repeats 15 times}}
#2 0x7783c39b in __libc_message (do_abort=optimized out,
fmt=optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffe880, reg_save_area = 0x7fffe790}}
ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0x7fffe880, reg_save_area = 0x7fffe790}}
fd = 8
on_2 = optimized out
list = optimized out
nlist = 0
cp = optimized out
written = false
#3 0x77845be6 in malloc_printerr (action=3, str=0x77920270 double
free or corruption (!prev), ptr=optimized out) at malloc.c:6312
buf = 007593a0
cp = 0x77915e40 0123456789abcdefghijklmnopqrstuvwxyz
#4 0x7784a98c in *__GI___libc_free (mem=optimized out) at
malloc.c:3738
ar_ptr = 0x77b56e40
p = 0x6
#5 0x0043affb in destroy_summary (summary_entry=0x7593a0) at
process.c:1704
prev_entry = 0x759250
#6 0x00401e54 in main (argc=optimized out, argv=0x7fffea70) at
main.c:322
file = 0x7fffece7 sample.jpg
name = optimized out
inptr = 0x759010
status = 8
max_offset = optimized out
ifd_offset = optimized out
dumplength = optimized out
header = optimized out
summary_entry = 0x759250
filesize = 24
chpr = optimized out
#7 0x777eeead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffea48) at
libc-start.c:244
result = optimized out
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -3639622040855898393,
4207200, 140737488349776, 0, 0, 3639622040104343271, 3639640723441719015},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x53dc90, 0x7fffea58}, data
= {prev = 0x0, cleanup = 0x0, canceltype = 5495952}}}
not_first_call = optimized out
#8 0x00403289 in _start ()
No symbol table info available.
--
Henri Salo
Bug#779527: exifprobe: denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: exifprobe Version: 2.0.1-3 Severity: important Tags: security Following attached sample file hangs exifprobe and uses all CPU from one core. Sample file is fuzzed with american fuzzy lop http://lcamtuf.coredump.cx/afl/. ff d8 ff e0 00 10 4a 46 49 46 4a 46 49 46 00 01 |..JFIFJFIF..| 0010 00 01 00 00 ff ec 00 43 |...C| 0018 Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg File Name = sample2.jpg File Type = JPEG File Size = 24 @0=0 : JPEG_SOI @0x002=2 :JPEG_APP0 0xffe0 length 16, - (not dumped: use -A) @0x013=19 :/JPEG_APP0 @0x014=20 :JPEG_APP12 0xffec length 67, FAILED to read character at offset 24 (EOF) - -- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU84XpAAoJECet96ROqnV0MLsP/i08u5Ht82ElZlg9n0TdF23x 1G9Muhz93Pa78dxvE9FVh7mjFr9Qsp3WwXlEAXrK8uM+aVECZYDHe5RXDn5nGcGp h2Z1bLXOZATJ7bPbJJ6WFCvKuh6NgAx/+E/sSY3CGe3yJl6CsBsV8a/DlqCuEUen UibQuML64Yz0W6Q0AHnWmopsuqNZ49Sml6CBjSDPLqYeNQIVFCqwlucn3h8ENuox L7ZdXh0xhaYqcKzaj550IbgbqBg1SiNbJqeEN0/HeHLPwA4Fk/U0zHSjPTvcrjLG nTpLa+e9WBDw9BJOlFQj4U4/mz26HDc2iTaJ/sNmwDQZ5hJsvtjxADI6Jdp+LWc0 Ti9P/4gKrKuA2DEYfTGzL7lX8YQQ6HiVP3zWnJB64isGCP5dgcl5jL27QhmUyaeF jtuP/ND+X0kBHjpkcv/hJArfk2+XfQKe8lcIGeJRX3DhwMD1oc5lq5g+2RoJHvZa aJGxeZGWc6d3ObkpPbHqUX5NxqqsSVttMjETMfcBLAe7xq2n1PhyZZH1vU2aqdiQ K89aW+HdKhJvvmixZ6DQzID9I9JdGn0/OWtKkBHQoazgGjOv0BgccDGX/fRYa9y0 4iHl0WLGeDk1B8dW2CzD13sqDAym/cDAyDUthLt5LpNOtrL3Cv/ykjyjC2b5UInS klUsjJiVX6eqtMnindFu =fiJn -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779527: exifprobe: denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: exifprobe Version: 2.0.1-3 Severity: important Tags: security Following attached sample file hangs exifprobe and uses all CPU from one core. Sample file is fuzzed with american fuzzy lop http://lcamtuf.coredump.cx/afl/. ff d8 ff e0 00 10 4a 46 49 46 4a 46 49 46 00 01 |..JFIFJFIF..| 0010 00 01 00 00 ff ec 00 43 |...C| 0018 Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg File Name = sample2.jpg File Type = JPEG File Size = 24 @0=0 : JPEG_SOI @0x002=2 :JPEG_APP0 0xffe0 length 16, - (not dumped: use -A) @0x013=19 :/JPEG_APP0 @0x014=20 :JPEG_APP12 0xffec length 67, FAILED to read character at offset 24 (EOF) - -- Henri Salo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJU84XpAAoJECet96ROqnV0MLsP/i08u5Ht82ElZlg9n0TdF23x 1G9Muhz93Pa78dxvE9FVh7mjFr9Qsp3WwXlEAXrK8uM+aVECZYDHe5RXDn5nGcGp h2Z1bLXOZATJ7bPbJJ6WFCvKuh6NgAx/+E/sSY3CGe3yJl6CsBsV8a/DlqCuEUen UibQuML64Yz0W6Q0AHnWmopsuqNZ49Sml6CBjSDPLqYeNQIVFCqwlucn3h8ENuox L7ZdXh0xhaYqcKzaj550IbgbqBg1SiNbJqeEN0/HeHLPwA4Fk/U0zHSjPTvcrjLG nTpLa+e9WBDw9BJOlFQj4U4/mz26HDc2iTaJ/sNmwDQZ5hJsvtjxADI6Jdp+LWc0 Ti9P/4gKrKuA2DEYfTGzL7lX8YQQ6HiVP3zWnJB64isGCP5dgcl5jL27QhmUyaeF jtuP/ND+X0kBHjpkcv/hJArfk2+XfQKe8lcIGeJRX3DhwMD1oc5lq5g+2RoJHvZa aJGxeZGWc6d3ObkpPbHqUX5NxqqsSVttMjETMfcBLAe7xq2n1PhyZZH1vU2aqdiQ K89aW+HdKhJvvmixZ6DQzID9I9JdGn0/OWtKkBHQoazgGjOv0BgccDGX/fRYa9y0 4iHl0WLGeDk1B8dW2CzD13sqDAym/cDAyDUthLt5LpNOtrL3Cv/ykjyjC2b5UInS klUsjJiVX6eqtMnindFu =fiJn -END PGP SIGNATURE- ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#779525: exifprobe: double free or corruption
0x77802165 in *__GI_raise (sig=optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = optimized out
selftid = optimized out
#1 0x778053e0 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x7fffdf18, sa_sigaction
= 0x7fffdf18}, sa_mask = {__val = {140737488346880, 140737488350391, 44,
140737346920731, 3, 140737488346890, 6, 140737346920735, 2, 140737488346878, 2,
140737346911721, 1, 140737346920731, 3, 140737488346884}}, sa_flags = 12,
sa_restorer = 0x7791e11f}
sigs = {__val = {32, 0 repeats 15 times}}
#2 0x7783c39b in __libc_message (do_abort=optimized out,
fmt=optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffe880, reg_save_area = 0x7fffe790}}
ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0x7fffe880, reg_save_area = 0x7fffe790}}
fd = 8
on_2 = optimized out
list = optimized out
nlist = 0
cp = optimized out
written = false
#3 0x77845be6 in malloc_printerr (action=3, str=0x77920270 double
free or corruption (!prev), ptr=optimized out) at malloc.c:6312
buf = 007593a0
cp = 0x77915e40 0123456789abcdefghijklmnopqrstuvwxyz
#4 0x7784a98c in *__GI___libc_free (mem=optimized out) at
malloc.c:3738
ar_ptr = 0x77b56e40
p = 0x6
#5 0x0043affb in destroy_summary (summary_entry=0x7593a0) at
process.c:1704
prev_entry = 0x759250
#6 0x00401e54 in main (argc=optimized out, argv=0x7fffea70) at
main.c:322
file = 0x7fffece7 sample.jpg
name = optimized out
inptr = 0x759010
status = 8
max_offset = optimized out
ifd_offset = optimized out
dumplength = optimized out
header = optimized out
summary_entry = 0x759250
filesize = 24
chpr = optimized out
#7 0x777eeead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffea48) at
libc-start.c:244
result = optimized out
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -3639622040855898393,
4207200, 140737488349776, 0, 0, 3639622040104343271, 3639640723441719015},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x53dc90, 0x7fffea58}, data
= {prev = 0x0, cleanup = 0x0, canceltype = 5495952}}}
not_first_call = optimized out
#8 0x00403289 in _start ()
No symbol table info available.
--
Henri Salo
___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
[Secure-testing-commits] r32460 - data/CVE
Author: fgeek-guest Date: 2015-02-24 16:33:00 + (Tue, 24 Feb 2015) New Revision: 32460 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-24 16:27:19 UTC (rev 32459) +++ data/CVE/list 2015-02-24 16:33:00 UTC (rev 32460) @@ -14549,7 +14549,7 @@ CVE-2014-6103 RESERVED CVE-2014-6102 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before ...) - TODO: check + NOT-FOR-US: IBM Maximo Asset Management CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login feature ...) NOT-FOR-US: IBM Business Process Manager CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...) @@ -17586,7 +17586,7 @@ CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...) NOT-FOR-US: IBM Security AppScan Source CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...) @@ -17604,9 +17604,9 @@ CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files ...) NOT-FOR-US: IBM DB2 CVE-2014-4804 (Curam Universal Access in IBM Curam Social Program Management 5.2 ...) - TODO: check + NOT-FOR-US: IBM Curam Social Program Management CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...) - TODO: check + NOT-FOR-US: IBM Curam Social Program Management CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...) NOT-FOR-US: IBM Business Process Manager CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) @@ -17650,7 +17650,7 @@ CVE-2014-4782 RESERVED CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...) - TODO: check + NOT-FOR-US: IBM InfoSphere BigInsights CVE-2014-4780 RESERVED CVE-2014-4779 @@ -17670,7 +17670,7 @@ CVE-2014-4772 RESERVED CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...) - TODO: check + NOT-FOR-US: IBM WebSphere MQ CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...) @@ -21506,7 +21506,7 @@ CVE-2014-3366 (SQL injection vulnerability in the administrative web interface in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3365 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime ...) - TODO: check + NOT-FOR-US: Cisco Prime Security Manager CVE-2014-3364 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: Cisco CVE-2014-3363 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...) @@ -24729,9 +24729,9 @@ CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2153 (Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in ...) - TODO: check + NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2152 (Cross-site request forgery (CSRF) vulnerability in the INSERT page in ...) - TODO: check + NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2150 @@ -24741,7 +24741,7 @@ CVE-2014-2148 RESERVED CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does ...) - TODO: check + NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2146 RESERVED CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...) @@ -28734,7 +28734,7 @@ CVE-2014-0604 (Directory traversal vulnerability in the rftpcom.dll ActiveX control ...) NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-0603 (The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client ...) - TODO: check + NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the ...) NOT-FOR-US: NetIQ Security Manager CVE-2014-0601 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#778827: dmg2img: convert_char8 out of bounds, segmentation fault at dmg2img.h:87
not within mapped region at address 0x18 ==22115==at 0x407ED8: convert_char8 (dmg2img.h:81) ==22115==by 0x40652B: main (dmg2img.c:602) ==22115== If you believe this happened as a result of a stack ==22115== overflow in your program's main thread (unlikely but ==22115== possible), you can try to increase the size of the ==22115== main thread stack using the --main-stacksize= flag. ==22115== The main thread stack size used in this run was 8388608. ==22115== ==22115== HEAP SUMMARY: ==22115== in use at exit: 3,161,849 bytes in 12 blocks ==22115== total heap usage: 15 allocs, 3 frees, 3,169,644 bytes allocated ==22115== ==22115== LEAK SUMMARY: ==22115==definitely lost: 511 bytes in 2 blocks ==22115==indirectly lost: 0 bytes in 0 blocks ==22115== possibly lost: 0 bytes in 0 blocks ==22115==still reachable: 3,161,338 bytes in 10 blocks ==22115== suppressed: 0 bytes in 0 blocks ==22115== Rerun with --leak-check=full to see details of leaked memory ==22115== ==22115== For counts of detected and suppressed errors, rerun with: -v ==22115== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4) Segmentation fault -- Henri Salo sample03.dmg Description: application/apple-diskimage Signature: 0x6B6F6C79 (koly) Version:0x0004 HeaderSize: 0x0200 Flags: 0x0001 RunningDataForkOffset: 0x DataForkOffset: 0x DataForkLength: 0x469C RsrcForkOffset: 0x RsrcForkLength: 0x SegmentNumber: 0x SegmentCount: 0x SegmentID: 0x DataForkChecksumType: 0x DataForkChecksum: 0x XMLOffset: 0x469C XMLLength: 0x1E3C MasterChecksumType: 0x0002 CRC-32 MasterChecksum: 0xEA52F304 ImageVariant: 0x0001 SectorCount:0x4BD1 ?xml version=1.0 encoding=UTF-8? !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd; plist version=1.0 dict keyresource-fork/key dict keyblkx/key array dict keyAttributes/key string0x0050/string keyCFName/key stringProtective Master Boot Record (MBR : 0)/string keyData/key data bWlzaAEB AAgI AAIgsOF5gwAA AAACgAAABQsB FwwAH/8AAAEA AAA= /data keyID/key string-1/string keyName/key stringProtective Master Boot Record (MBR : 0)/string /dict dict keyAttributes/key string0x0050/string keyCFName/key stringGPT Header (Primary GPT Header : 1)/string keyData/key data I bWlzaAEAAQAB AAgIAQAA AAIgMIi6gwAA AAACgAAABQcB FsAATP8AAAEA AAA= /data keyID/key string0/string keyName/key stringGPT Header (Primary GPT Header : 1)/string /dict dict keyAttributes/key
Bug#778814: dmg2img: invalid read, segmentation fault at dmg2img.c:390
Package: dmg2img
Version: 1.6.5-1
Severity: important
Tags: security
Following attached sample file crashes dmg2img. Sample file is fuzzed with
american fuzzy lop http://lcamtuf.coredump.cx/afl/. Feel free to contact me in
case you need more information. I was unable to find upstream bug tracker for
this software.
c2ad4e5aa15856d3dfb1527b6a5a3fd07958830c sample01.dmg
gdb:
dmg2img v1.6.5 (c) vu1tur (t...@vu1tur.eu.org)
sample01.dmg -- sample01.img
decompressing:
opening partition 0 ...
Program received signal SIGSEGV, Segmentation fault.
main (argc=optimized out, argv=optimized out) at dmg2img.c:390
390 block_type = convert_char4((unsigned char
*)parts[i].Data + offset);
(gdb) bt full
#0 main (argc=optimized out, argv=optimized out) at dmg2img.c:390
bi = optimized out
i = optimized out
err = optimized out
partnum = 1
tmp = 0x77ed8010
otmp = 0x77529010
dtmp = 0x77428010
input_file = optimized out
output_file = 0x610010 sample01.img
plist = 0x6104b0 ?xml version=\1.0\ encoding=\UTF-8\?\n!DOCTYPE
plist PUBLIC \-//Apple//DTD PLIST 1.0//EN\
\http://www.apple.com/DTDs/PropertyList-1.0.dtd\;\nplist
version=\1.0\\ndict\n\tkeyresource-fork/key\n\td...
blkx = 0x612300
keyblkx/key\n\t\tarray\n\t\t\tdict\n\t\t\t\tkeyAttributes/key\n\t\t\t\tstring0x0050/string\n\t\t\t\tkeyCFName/key\n\t\t\t\tstringProtective
Master Boot Record (MBR : 0)/string\n\t\t\t\tkeyData/key\n\t\t\t\tda...
blkx_size = optimized out
parts = 0x613970
data_begin = optimized out
data_end = optimized out
partname_begin = optimized out
partname_end = optimized out
mish_begin = optimized out
partname = '\000' repeats 254 times
data_size = optimized out
out_offs = optimized out
out_size = optimized out
in_offs = 0
in_size = optimized out
in_offs_add = 0
add_offs = 0
to_read = optimized out
to_write = optimized out
chunk = optimized out
reserved =
sztype = '\000' repeats 63 times
block_type = optimized out
szSignature = koly
rSignature = optimized out
__PRETTY_FUNCTION__ = main
#1 0x77648ead in __libc_start_main (main=optimized out,
argc=optimized out, ubp_av=optimized out, init=optimized out,
fini=optimized out, rtld_fini=optimized out,
stack_end=0x7fffe5a8) at libc-start.c:244
result = optimized out
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5332225185369646181,
4226116, 140737488348592, 0, 0, -5332225186142264219, -5332208876894198683},
mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x40e7c0, 0x7fffe5b8}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 4253632}}}
not_first_call = optimized out
#2 0x00407c6d in _start ()
No symbol table info available.
Valgrind:
==18211== Memcheck, a memory error detector
==18211== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18211== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18211== Command: dmg2img sample01.dmg
==18211==
dmg2img v1.6.5 (c) vu1tur (t...@vu1tur.eu.org)
sample01.dmg -- sample01.img
decompressing:
opening partition 0 ...==18211== Invalid read of size 1
==18211==at 0x4046ED: main (dmg2img.h:81)
==18211== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==18211==
==18211==
==18211== Process terminating with default action of signal 11 (SIGSEGV)
==18211== Access not within mapped region at address 0x0
==18211==at 0x4046ED: main (dmg2img.h:81)
==18211== If you believe this happened as a result of a stack
==18211== overflow in your program's main thread (unlikely but
==18211== possible), you can try to increase the size of the
==18211== main thread stack using the --main-stacksize= flag.
==18211== The main thread stack size used in this run was 8388608.
==18211==
==18211== HEAP SUMMARY:
==18211== in use at exit: 3,160,989 bytes in 10 blocks
==18211== total heap usage: 10 allocs, 0 frees, 3,160,989 bytes allocated
==18211==
==18211== LEAK SUMMARY:
==18211==definitely lost: 431 bytes in 1 blocks
==18211==indirectly lost: 0 bytes in 0 blocks
==18211== possibly lost: 0 bytes in 0 blocks
==18211==still reachable: 3,160,558 bytes in 9 blocks
==18211== suppressed: 0 bytes in 0 blocks
==18211== Rerun with --leak-check=full to see details of leaked memory
==18211==
==18211== For counts of detected and suppressed errors, rerun with: -v
==18211== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
Segmentation fault
--
Henri Salo
sample01.dmg
Description: application/apple-diskimage
Signature: 0x6B6F6C79 (koly)
Version:0x0004
HeaderSize: 0x0200
Flags: 0x0001
RunningDataForkOffset
Bug#778819: dmg2img: ADC decompress segmentation fault at adc.c:66
at exit: 3,162,750 bytes in 16 blocks ==30730== total heap usage: 29 allocs, 13 frees, 3,170,754 bytes allocated ==30730== ==30730== LEAK SUMMARY: ==30730==definitely lost: 3,161,374 bytes in 11 blocks ==30730==indirectly lost: 240 bytes in 3 blocks ==30730== possibly lost: 0 bytes in 0 blocks ==30730==still reachable: 1,136 bytes in 2 blocks ==30730== suppressed: 0 bytes in 0 blocks ==30730== Rerun with --leak-check=full to see details of leaked memory ==30730== ==30730== For counts of detected and suppressed errors, rerun with: -v ==30730== Use --track-origins=yes to see where uninitialised values come from ==30730== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4) -- Henri Salo sample02.dmg Description: application/apple-diskimage Signature: 0x6B6F6C79 (koly) Version:0x0004 HeaderSize: 0x0200 Flags: 0x0001 RunningDataForkOffset: 0x DataForkOffset: 0x DataForkLength: 0x469C RsrcForkOffset: 0x RsrcForkLength: 0x SegmentNumber: 0x SegmentCount: 0x SegmentID: 0x DataForkChecksumType: 0x DataForkChecksum: 0x XMLOffset: 0x469C XMLLength: 0x1E3C MasterChecksumType: 0x0002 CRC-32 MasterChecksum: 0xEA52F304 ImageVariant: 0x0001 SectorCount:0x4BD1 ?xml version=1.0 encoding=UTF-8? !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd; plist version=1.0 dict keyresource-fork/key dict keyblkx/key array dict keyAttributes/key string0x0050/string keyCFName/key stringProtective Master Boot Record (MBR : 0)/string keyData/key data bWlzaAEB AAgI AAIgsOF5gwAA AAACgAAABAsB FwwAH/8AAAEA AAA= /data keyID/key string-1/string keyName/key stringProtective Master Boot Record (MBR : 0)/string /dict dict keyAttributes/key string0x0050/string keyCFName/key stringGPT Header (Primary GPT Header : 1)/string keyData/key data bWlzaAEAAQAB AAgIAQAA AAIgMIi6gwAA AAACgAAABQcB FsAATP8AAAEA AAA= /data keyID/key string0/string keyName/key stringGPT Header (Primary GPT Header : 1)/string /dict dict keyAttributes/key string0x0050/string keyCFName/key stringGPT Partition Data (Primary GPT Table : 2)/string keyData/key data bWlzaAEAAgAg AAgIAgAA
Bug#778829: dmg2img: denial of service issue
AAEAAQAA /data keyID/key string0/string keyName/key string/string /dict /array /dict /dict /plist run. ..type ..reserved ..sectorStart. ..sectorCount. ..compOffset.. ..compLength.. 0x 0x0140 0x02C0 0x 0x0040 0x0005C300 0x07FF 0x0001 0xFFC0 0x 0x0040 0x 0x 0x4141 0x0002 0x41414141 0x41414141 0x0041414141414141 0x0041424141414141 0x414141464141 0x4141414141414148 0x0003 0x2F2F2F2F 0x2F384141 0x0041414141414141 0x0041414141454141 0x4141414141414141 0x4141414141414141 0x0004 0x41414141 0x41414141 0x0041414141413D00 0x0041414141414541 0x414141410A090909 0x0941414141414141 0x0005 0x41414141 0x41414141 0x0041414141414141 0x004141413D0A0909 0x0909 0x1119 0x0006 0x 0x 0x 0x 0x0040 0x0005C300 zero 0x0007 0x07FF 0xFFC0 0x 0x0040 0x 0x 0x0008 0x4141 0x41414141 0x0041414141414141 0x0041414141414241 0x4141414141414146 0x414141414141 0x0009 0x41414148 0x2F2F2F2F 0x0038414141414141 0x0041414141414141 0x4145414141414141 0x4141414141414141 0x000A 0x41414141 0x41414141 0x0041414141414141 0x00413D0041414141 0x4141454141414141 0x0A09090909414141 0x000B 0x41414141 0x41414141 0x0041414141414141 0x0041414141414141 0x3D0A09090909 0x 0x000C 0x1119 0x 0x 0x 0x0040 0x0005C300 0x000D 0x 0x07FF 0x007FFFC0 0x0040 0x 0x zero 0x000E 0x 0x4141 0x0041414141414141 0x0041414141414141 0x4141424141414141 0x414141464141 zero -- Henri Salo denial-of-service.dmg Description: application/apple-diskimage
Bug#778529: lame: fill_buffer_resample segmentation fault
On Wed, Feb 18, 2015 at 12:11:35PM +0100, Fabian Greffrath wrote: Phew, got it. Thank you for your comprehensive analysis. I have verified that the patch fixes this issue. Should I report this to upstream bug tracker or does package maintainer handle that? Bug tracker in sourceforge.net does not seem to be very active. -- Henri Salo ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#778529: lame: fill_buffer_resample segmentation fault
On Wed, Feb 18, 2015 at 12:11:35PM +0100, Fabian Greffrath wrote: Phew, got it. Thank you for your comprehensive analysis. I have verified that the patch fixes this issue. Should I report this to upstream bug tracker or does package maintainer handle that? Bug tracker in sourceforge.net does not seem to be very active. -- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Secure-testing-commits] r32316 - data/CVE
Author: fgeek-guest Date: 2015-02-18 16:45:36 + (Wed, 18 Feb 2015) New Revision: 32316 Modified: data/CVE/list Log: CVE-2015-1517/piwigo Modified: data/CVE/list === --- data/CVE/list 2015-02-18 16:44:20 UTC (rev 32315) +++ data/CVE/list 2015-02-18 16:45:36 UTC (rev 32316) @@ -243,6 +243,7 @@ TODO: check CVE-2015-1517 RESERVED + - piwigo removed CVE-2015-1516 RESERVED CVE-2015-1515 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32317 - data/CVE
Author: fgeek-guest Date: 2015-02-18 16:48:29 + (Wed, 18 Feb 2015) New Revision: 32317 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-18 16:45:36 UTC (rev 32316) +++ data/CVE/list 2015-02-18 16:48:29 UTC (rev 32317) @@ -26,6 +26,8 @@ NOT-FOR-US: node-dns-sync CVE-2014- [more to CVE-2014-6585] - icu unfixed (low; bug #778511) +CVE-2015-1614 + NOT-FOR-US: WordPress plugin image-metadata-cruncher CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts] [experimental] - gnupg2 2.1.2-1 - gnupg2 2.0.26-5 (bug #778577) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32259 - data/CVE
Author: fgeek-guest Date: 2015-02-16 15:01:51 + (Mon, 16 Feb 2015) New Revision: 32259 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-16 13:59:15 UTC (rev 32258) +++ data/CVE/list 2015-02-16 15:01:51 UTC (rev 32259) @@ -18,6 +18,8 @@ NOT-FOR-US: Landsknecht Adminsystems CVE-2015-1603 NOT-FOR-US: Landsknecht Adminsystems +CVE-2015-1600 + NOT-FOR-US: Netatmo Weather Station CVE-2015-1588 RESERVED CVE-2015-1587 @@ -356,7 +358,7 @@ CVE-2014-9679 [cupsRasterReadPixels buffer overflow] RESERVED [experimental] - cups 2.0.2-1 - - cups unfixed (bug #778387) + - cups unfixed (bug #778387) NOTE: Marked with [experimental] tag as the fix is only in experimental so far NOTE: Switch this to regular fixed version once the fix is in unstable NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32260 - data/CVE
Author: fgeek-guest Date: 2015-02-16 15:02:38 + (Mon, 16 Feb 2015) New Revision: 32260 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-16 15:01:51 UTC (rev 32259) +++ data/CVE/list 2015-02-16 15:02:38 UTC (rev 32260) @@ -28,6 +28,7 @@ RESERVED CVE-2015-1585 RESERVED + NOT-FOR-US: Fat Free CRM CVE-2015-1584 RESERVED CVE-2015-1583 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32163 - data/CVE
Author: fgeek-guest Date: 2015-02-11 20:43:31 + (Wed, 11 Feb 2015) New Revision: 32163 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-11 19:58:40 UTC (rev 32162) +++ data/CVE/list 2015-02-11 20:43:31 UTC (rev 32163) @@ -2919,6 +2919,7 @@ NOT-FOR-US: Cisco CVE-2015-0580 RESERVED + NOT-FOR-US: Cisco Secure Access Control System CVE-2015-0579 (Cisco TelePresence Video Communication Server (VCS) and Cisco ...) NOT-FOR-US: Cisco TelePrecence Video Communication Server CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32133 - data/CVE
Author: fgeek-guest Date: 2015-02-10 14:52:57 + (Tue, 10 Feb 2015) New Revision: 32133 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-10 09:11:13 UTC (rev 32132) +++ data/CVE/list 2015-02-10 14:52:57 UTC (rev 32133) @@ -13012,6 +13012,7 @@ NOT-FOR-US: IBM CVE-2014-6137 RESERVED + NOT-FOR-US: IBM Endpoint Manager CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports ...) NOT-FOR-US: IBM CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32128 - data/CVE
Author: fgeek-guest Date: 2015-02-10 06:42:19 + (Tue, 10 Feb 2015) New Revision: 32128 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-10 06:10:41 UTC (rev 32127) +++ data/CVE/list 2015-02-10 06:42:19 UTC (rev 32128) @@ -3439,6 +3439,7 @@ RESERVED CVE-2015-0519 RESERVED + NOT-FOR-US: EMC Captiva Capture CVE-2015-0518 RESERVED NOT-FOR-US: EMC Documentum D2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32129 - data/CVE
Author: fgeek-guest Date: 2015-02-10 06:43:16 + (Tue, 10 Feb 2015) New Revision: 32129 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-10 06:42:19 UTC (rev 32128) +++ data/CVE/list 2015-02-10 06:43:16 UTC (rev 32129) @@ -898,6 +898,7 @@ RESERVED CVE-2015-1172 RESERVED + NOT-FOR-US: WordPress theme holding_pattern CVE-2015-1171 RESERVED CVE-2015-1170 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Re: CVE-2015-1437 XSS In ASUS Router.
On Tue, Feb 03, 2015 at 04:54:26PM +, kingkaust...@me.com wrote: 8-jan-2015 Repoerted to ASUS 9-jan-2015 Asus confirm that they reported to concern department 15-jan-2015 Ask for update from asus asus says reported to HQ 28-jan-2015 Ask asus about reporting security foucus No reply from ASUS 29-jan-2015 security focus bugtraq Could you copy-paste their exact responses, thanks? I hope they did not say issue has been reported to concern department. This probably affects other firmwares as well. -- Henri Salo
[Secure-testing-commits] r31974 - data/CVE
Author: fgeek-guest Date: 2015-02-05 05:38:08 + (Thu, 05 Feb 2015) New Revision: 31974 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-05 05:37:18 UTC (rev 31973) +++ data/CVE/list 2015-02-05 05:38:08 UTC (rev 31974) @@ -3207,8 +3207,10 @@ RESERVED CVE-2015-0518 RESERVED + NOT-FOR-US: EMC Documentum D2 CVE-2015-0517 RESERVED + NOT-FOR-US: EMC Documentum D2 CVE-2015-0516 (Directory traversal vulnerability in EMC Mamp;R (aka Watch4Net) before ...) TODO: check CVE-2015-0515 (Unrestricted file upload vulnerability in EMC Mamp;R (aka Watch4Net) ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31935 - data/CVE
Author: fgeek-guest Date: 2015-02-03 17:06:15 + (Tue, 03 Feb 2015) New Revision: 31935 Modified: data/CVE/list Log: CVE-2015-1465 Modified: data/CVE/list === --- data/CVE/list 2015-02-03 15:54:56 UTC (rev 31934) +++ data/CVE/list 2015-02-03 17:06:15 UTC (rev 31935) @@ -1,7 +1,7 @@ CVE-2014- [Multiple imagemagick bugs] - imagemagick 8:6.8.9.9-4 (bug #773834) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2014/12/24/1 -CVE-2015- [net: DoS due to routing packets to too many different dsts/too fast] +CVE-2015-1465 [net: DoS due to routing packets to too many different dsts/too fast] - linux unfixed - linux-2.6 removed NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31895 - data/CVE
Author: fgeek-guest Date: 2015-02-02 06:57:02 + (Mon, 02 Feb 2015) New Revision: 31895 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-02 06:51:29 UTC (rev 31894) +++ data/CVE/list 2015-02-02 06:57:02 UTC (rev 31895) @@ -616,6 +616,7 @@ TODO: check CVE-2015-1177 RESERVED + NOT-FOR-US: Exponent CMS CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in ...) NOT-FOR-US: osTicket CVE-2015-1174 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31896 - data/CVE
Author: fgeek-guest Date: 2015-02-02 07:00:55 + (Mon, 02 Feb 2015) New Revision: 31896 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-02-02 06:57:02 UTC (rev 31895) +++ data/CVE/list 2015-02-02 07:00:55 UTC (rev 31896) @@ -130,7 +130,7 @@ CVE-2015-1364 (SQL injection vulnerability in the getProfile function in ...) TODO: check CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ...) - TODO: check + NOT-FOR-US: ArticleFR CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot ...) TODO: check CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in Google ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31873 - data/CVE
Author: fgeek-guest Date: 2015-01-31 16:10:37 + (Sat, 31 Jan 2015) New Revision: 31873 Modified: data/CVE/list Log: CVE-2015-1433/roundcube fixed by Vincent Bernat. Modified: data/CVE/list === --- data/CVE/list 2015-01-31 16:07:06 UTC (rev 31872) +++ data/CVE/list 2015-01-31 16:10:37 UTC (rev 31873) @@ -1,5 +1,7 @@ CVE-2015-1433 [roundcube: XSS] - - roundcube unfixed (low; bug #776700) + - roundcube 0.9.5+dfsg1-4.2 (low; bug #776700) + [wheezy] - roundcube no-dsa (Minor issue) + [squeeze] - roundcube no-dsa (Minor issue) CVE-2015-1432 [phpbb3: CSRF] - phpbb3 unfixed (low; bug #776699) [wheezy] - phpbb3 no-dsa (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31870 - data/CVE
Author: fgeek-guest Date: 2015-01-31 14:05:52 + (Sat, 31 Jan 2015) New Revision: 31870 Modified: data/CVE/list Log: CVE-2015-1430/xymon CVE assigned Modified: data/CVE/list === --- data/CVE/list 2015-01-31 13:52:15 UTC (rev 31869) +++ data/CVE/list 2015-01-31 14:05:52 UTC (rev 31870) @@ -10,6 +10,12 @@ [wheezy] - phpbb3 no-dsa (Minor issue) [squeeze] - phpbb3 no-dsa (Minor issue) NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531 +CVE-2015-1430 [buffer overrun in acknowledge.c(gi)] + - xymon 4.3.17-5 (low; bug #776007) + [squeeze] - xymon not-affected (Vulnerable code not present) + [wheezy] - xymon not-affected (Vulnerable code not present) + NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/ + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/30/17 CVE-2015-1425 RESERVED CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...) @@ -632,12 +638,6 @@ RESERVED CVE-2014-9631 RESERVED -CVE-2015- [buffer overrun in acknowledge.c(gi)] - - xymon 4.3.17-5 (low; bug #776007) - [squeeze] - xymon not-affected (Vulnerable code not present) - [wheezy] - xymon not-affected (Vulnerable code not present) - NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/ - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/30/17 CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...) - vorbis-tools unfixed (unimportant; bug #776086) - opus-tools unfixed (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31872 - data/CVE
Author: fgeek-guest Date: 2015-01-31 16:07:06 + (Sat, 31 Jan 2015) New Revision: 31872 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-31 15:19:55 UTC (rev 31871) +++ data/CVE/list 2015-01-31 16:07:06 UTC (rev 31872) @@ -104,13 +104,13 @@ CVE-2015-1375 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...) NOT-FOR-US: WordPress plugin Pixabay Images CVE-2015-1374 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ferretCMS CVE-2015-1373 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) - TODO: check + NOT-FOR-US: ferretCMS CVE-2015-1372 (SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote ...) - TODO: check + NOT-FOR-US: ferretCMS CVE-2015-1371 (Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows ...) - TODO: check + NOT-FOR-US: ferretCMS CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower ...) TODO: check CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31869 - data/CVE
Author: fgeek-guest Date: 2015-01-31 13:52:15 + (Sat, 31 Jan 2015) New Revision: 31869 Modified: data/CVE/list Log: CVEs assigned for roundcube and phpbb3 issues Modified: data/CVE/list === --- data/CVE/list 2015-01-31 13:00:36 UTC (rev 31868) +++ data/CVE/list 2015-01-31 13:52:15 UTC (rev 31869) @@ -1,5 +1,15 @@ -CVE-2015- [roundcube: XSS] +CVE-2015-1433 [roundcube: XSS] - roundcube unfixed (low; bug #776700) +CVE-2015-1432 [phpbb3: CSRF] + - phpbb3 unfixed (low; bug #776699) + [wheezy] - phpbb3 no-dsa (Minor issue) + [squeeze] - phpbb3 no-dsa (Minor issue) + NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526 +CVE-2015-1431 [phpbb3: css injection] + - phpbb3 unfixed (low; bug #776699) + [wheezy] - phpbb3 no-dsa (Minor issue) + [squeeze] - phpbb3 no-dsa (Minor issue) + NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531 CVE-2015-1425 RESERVED CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...) @@ -183,13 +193,6 @@ CVE-2015-1401 RESERVED NOT-FOR-US: typo3 extension -CVE-2015- [phpbb3 csrf css injection] - - phpbb3 unfixed (low; bug #776699) - [wheezy] - phpbb3 no-dsa (Minor issue) - [squeeze] - phpbb3 no-dsa (Minor issue) - NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.13 - NOTE: https://github.com/phpbb/phpbb/pull/3311 - NOTE: https://github.com/phpbb/phpbb/pull/3316 CVE-2015- [can be crashed by some network traffic] - kgb-bot unfixed (bug #776424) CVE-2014- [Digest authentification never replay Ldap requests] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31871 - data/CVE
Author: fgeek-guest Date: 2015-01-31 15:19:55 + (Sat, 31 Jan 2015) New Revision: 31871 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-31 14:05:52 UTC (rev 31870) +++ data/CVE/list 2015-01-31 15:19:55 UTC (rev 31871) @@ -100,9 +100,9 @@ RESERVED NOT-FOR-US: WordPress plugin geo-mashup CVE-2015-1376 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...) - TODO: check + NOT-FOR-US: WordPress plugin Pixabay Images CVE-2015-1375 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...) - TODO: check + NOT-FOR-US: WordPress plugin Pixabay Images CVE-2015-1374 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check CVE-2015-1373 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) @@ -116,9 +116,9 @@ CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...) TODO: check CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php in the ...) - TODO: check + NOT-FOR-US: Wordpress plugin Pixabay Images CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the Pixabay ...) - TODO: check + NOT-FOR-US: Wordpress plugin Pixabay Images CVE-2015-1364 (SQL injection vulnerability in the getProfile function in ...) TODO: check CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31861 - data/CVE
Author: fgeek-guest Date: 2015-01-31 10:16:04 + (Sat, 31 Jan 2015) New Revision: 31861 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-30 21:10:17 UTC (rev 31860) +++ data/CVE/list 2015-01-31 10:16:04 UTC (rev 31861) @@ -9780,6 +9780,7 @@ NOT-FOR-US: Symantec Data Center Security CVE-2014-7288 RESERVED + NOT-FOR-US: Symantec Encryption Management Server CVE-2014-7287 RESERVED CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31862 - data/CVE
Author: fgeek-guest Date: 2015-01-31 10:17:51 + (Sat, 31 Jan 2015) New Revision: 31862 Modified: data/CVE/list Log: CVE-2014-9496/libsndfile fixed by Michael Gilbert's upload. Modified: data/CVE/list === --- data/CVE/list 2015-01-31 10:16:04 UTC (rev 31861) +++ data/CVE/list 2015-01-31 10:17:51 UTC (rev 31862) @@ -3042,7 +3042,7 @@ NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows ...) - - libsndfile unfixed (low; bug #774162) + - libsndfile 1.0.25-9.1 (low; bug #774162) [squeeze] - libsndfile no-dsa (Minor issue) [wheezy] - libsndfile no-dsa (Minor issue) CVE-2014- [a2p: buffer overflow] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#776699: phpbb3: CSRF and CSS injection
Package: phpbb3 Version: 3.0.12-3 Severity: important Tags: security, fixed-upstream, upstream CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/2 https://wiki.phpbb.com/Release_Highlights/3.0.13 https://tracker.phpbb.com/browse/PHPBB3-13531 https://github.com/phpbb/phpbb/pull/3316 CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing this to our attention https://tracker.phpbb.com/browse/PHPBB3-13526 https://github.com/phpbb/phpbb/pull/3311 The ucp_pm_options form key is now properly validated. Thanks to FBNeal and lampsys who reported this independently. -- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Secure-testing-commits] r31866 - data/CVE
Author: fgeek-guest Date: 2015-01-31 12:38:20 + (Sat, 31 Jan 2015) New Revision: 31866 Modified: data/CVE/list Log: phpbb3 BTS and CVEs requested Modified: data/CVE/list === --- data/CVE/list 2015-01-31 11:37:05 UTC (rev 31865) +++ data/CVE/list 2015-01-31 12:38:20 UTC (rev 31866) @@ -182,7 +182,7 @@ RESERVED NOT-FOR-US: typo3 extension CVE-2015- [phpbb3 csrf css injection] - - phpbb3 unfixed (low) + - phpbb3 unfixed (low; bug #776699) [wheezy] - phpbb3 no-dsa (Minor issue) [squeeze] - phpbb3 no-dsa (Minor issue) NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.13 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Bug#776700: roundcube: Cross-site scripting vulnerability fixed in 1.0.5
Package: roundcube Version: 0.9.5+dfsg1-4.1 Severity: important Tags: security, fixed-upstream, upstream Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version. Please update Debian packages, thanks. http://roundcube.net/news/2015/01/24/security-update-1.0.5/ http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 http://trac.roundcube.net/ticket/1490227 CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3 If you need any help with this case feel free to contact me. -- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Secure-testing-commits] r31867 - data/CVE
Author: fgeek-guest Date: 2015-01-31 12:57:02 + (Sat, 31 Jan 2015) New Revision: 31867 Modified: data/CVE/list Log: roundcube XSS vulnerability Modified: data/CVE/list === --- data/CVE/list 2015-01-31 12:38:20 UTC (rev 31866) +++ data/CVE/list 2015-01-31 12:57:02 UTC (rev 31867) @@ -1,3 +1,5 @@ +CVE-2015- [roundcube: XSS] + - roundcube unfixed (low; bug #776700) CVE-2015-1425 RESERVED CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31854 - data/CVE
Author: fgeek-guest Date: 2015-01-30 15:36:37 + (Fri, 30 Jan 2015) New Revision: 31854 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-30 14:21:37 UTC (rev 31853) +++ data/CVE/list 2015-01-30 15:36:37 UTC (rev 31854) @@ -16143,6 +16143,7 @@ NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-4632 RESERVED + NOT-FOR-US: EMC Avamar CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31852 - data/CVE
Author: fgeek-guest Date: 2015-01-30 14:20:44 + (Fri, 30 Jan 2015) New Revision: 31852 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-30 14:19:51 UTC (rev 31851) +++ data/CVE/list 2015-01-30 14:20:44 UTC (rev 31852) @@ -64,6 +64,7 @@ RESERVED CVE-2015-1385 RESERVED + NOT-FOR-US: WordPress plugin powerpress CVE-2015-1384 RESERVED CVE-2015-1383 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31853 - data/CVE
Author: fgeek-guest Date: 2015-01-30 14:21:37 + (Fri, 30 Jan 2015) New Revision: 31853 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2015-01-30 14:20:44 UTC (rev 31852) +++ data/CVE/list 2015-01-30 14:21:37 UTC (rev 31853) @@ -48,8 +48,10 @@ RESERVED CVE-2015-1394 RESERVED + NOT-FOR-US: WordPress plugin photo-gallery CVE-2015-1393 RESERVED + NOT-FOR-US: WordPress plugin photo-gallery CVE-2015-1392 RESERVED CVE-2015-1391 @@ -69,6 +71,7 @@ RESERVED CVE-2015-1383 RESERVED + NOT-FOR-US: WordPress plugin geo-mashup CVE-2015-1376 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...) TODO: check CVE-2015-1375 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31760 - data/CVE
Author: fgeek-guest Date: 2015-01-27 19:23:02 + (Tue, 27 Jan 2015) New Revision: 31760 Modified: data/CVE/list Log: qpidd CVE-2015-0223, CVE-2015-0224 Modified: data/CVE/list === --- data/CVE/list 2015-01-27 18:58:27 UTC (rev 31759) +++ data/CVE/list 2015-01-27 19:23:02 UTC (rev 31760) @@ -4808,10 +4808,12 @@ RESERVED CVE-2015-0225 RESERVED -CVE-2015-0224 +CVE-2015-0224 [qpidd can be crashed by unauthenticated user] RESERVED -CVE-2015-0223 + - qpidd unfixed +CVE-2015-0223 [anonymous access to qpidd cannot be prevented] RESERVED + - qpidd unfixed CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x ...) - python-django 1.7.1-1.1 (bug #775375) [wheezy] - python-django not-affected (1.4.x not affected) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31759 - data/CVE
Author: fgeek-guest Date: 2015-01-27 18:58:27 + (Tue, 27 Jan 2015) New Revision: 31759 Modified: data/CVE/list Log: NFU. Thanks pabs Modified: data/CVE/list === --- data/CVE/list 2015-01-27 18:25:18 UTC (rev 31758) +++ data/CVE/list 2015-01-27 18:58:27 UTC (rev 31759) @@ -1,6 +1,5 @@ CVE-2015-1369 - TODO: check - NOTE: https://nodesecurity.io/advisories/sequelize-sql-injection-order + NOT-FOR-US: sequelize CVE-2015-1354 RESERVED CVE-2015-1349 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31758 - data/CVE
Author: fgeek-guest Date: 2015-01-27 18:25:18 + (Tue, 27 Jan 2015) New Revision: 31758 Modified: data/CVE/list Log: socat CVE-2015-1379 Modified: data/CVE/list === --- data/CVE/list 2015-01-27 17:54:40 UTC (rev 31757) +++ data/CVE/list 2015-01-27 18:25:18 UTC (rev 31758) @@ -98,7 +98,7 @@ [wheezy] - unshield no-dsa (Minor issue) [squeeze] - unshield no-dsa (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/26/2 -CVE-2015- [DoS with fork] +CVE-2015-1379 [DoS with fork] - socat unfixed (bug #776234) [wheezy] - socat no-dsa (Minor issue) [squeeze] - socat no-dsa (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31755 - data/CVE
Author: fgeek-guest Date: 2015-01-27 17:52:40 + (Tue, 27 Jan 2015) New Revision: 31755 Modified: data/CVE/list Log: osvdb.org URL cleanup Modified: data/CVE/list === --- data/CVE/list 2015-01-27 17:42:37 UTC (rev 31754) +++ data/CVE/list 2015-01-27 17:52:40 UTC (rev 31755) @@ -55168,7 +55168,7 @@ CVE-2012-3878 [Perl require Directive Path Subversion Arbitrary Module / File Loading Weakness] RESERVED - perl unfixed (unimportant; bug #776270) - NOTE: http://osvdb.org/show/osvdb/106565 + NOTE: http://osvdb.org/106565 NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2012/07/msg189909.html NOTE: (possibly) to be rejected, see also http://www.openwall.com/lists/oss-security/2015/01/26/3 CVE-2012-3877 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31756 - data/CVE
Author: fgeek-guest Date: 2015-01-27 17:53:40 + (Tue, 27 Jan 2015) New Revision: 31756 Modified: data/CVE/list Log: Syntax fix Modified: data/CVE/list === --- data/CVE/list 2015-01-27 17:52:40 UTC (rev 31755) +++ data/CVE/list 2015-01-27 17:53:40 UTC (rev 31756) @@ -3091,7 +3091,7 @@ CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) - virtualbox 4.3.2-dfsg-1 (low; bug #775888) - virtualbox-ose removed (low) -NOTE: This only affects releases 4.3, so marking the first 4.3 upload as the fixed version + NOTE: This only affects releases 4.3, so marking the first 4.3 upload as the fixed version CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component in ...) TODO: check CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) @@ -8034,8 +8034,8 @@ - ffmpeg 7:2.4.2-1 [squeeze] - ffmpeg end-of-life - libav unfixed -NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 -NOTE: libav: needed + NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 + NOTE: libav: needed CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...) - chromium-browser 40.0.2214.91-1 [squeeze] - chromium-browser end-of-life @@ -8051,8 +8051,8 @@ - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg end-of-life - libav unfixed -NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 -NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 + NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 + NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in ...) - chromium-browser 40.0.2214.91-1 [squeeze] - chromium-browser end-of-life ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
