[Secure-testing-commits] r56166 - in data: . DSA
Author: fw Date: 2017-09-26 19:39:04 + (Tue, 26 Sep 2017) New Revision: 56166 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3984-1 git Modified: data/DSA/list === --- data/DSA/list 2017-09-26 19:03:31 UTC (rev 56165) +++ data/DSA/list 2017-09-26 19:39:04 UTC (rev 56166) @@ -1,3 +1,6 @@ +[26 Sep 2017] DSA-3984-1 git - security update + [jessie] - git 1:2.1.4-2.1+deb8u5 (bug #876854) + [stretch] - git 1:2.11.0-3+deb9u2 (bug #876854) [22 Sep 2017] DSA-3983-1 samba - security update {CVE-2017-12150 CVE-2017-12151 CVE-2017-12163} [jessie] - samba 2:4.2.14+dfsg-0+deb8u8 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-09-26 19:03:31 UTC (rev 56165) +++ data/dsa-needed.txt 2017-09-26 19:39:04 UTC (rev 56166) @@ -25,8 +25,6 @@ -- graphicsmagick -- -git --- git-annex (seb) 2017-08-23: sent email to Richard Hartmann -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
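Review bot: The added DSA-3984-1 git entry in data/DSA/list has no {CVE-...} line, unlike the DSA-3983-1 samba entry directly below it, so bug #876854 is the only cross-reference for both the jessie and stretch versions. If no CVE id had been assigned at the time, that is fine, but the entry should get the id added once one exists.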
[Secure-testing-commits] r47932 - in data: . DSA
Author: fw Date: 2017-01-11 21:48:04 + (Wed, 11 Jan 2017) New Revision: 47932 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3758-1 bind9 Modified: data/DSA/list === --- data/DSA/list 2017-01-11 21:31:09 UTC (rev 47931) +++ data/DSA/list 2017-01-11 21:48:04 UTC (rev 47932) @@ -1,3 +1,6 @@ +[11 Jan 2017] DSA-3758-1 bind9 - security update + {CVE-2016-9131 CVE-2016-9147 CVE-2016-9444} + [jessie] - bind9 1:9.9.5.dfsg-9+deb8u9 [11 Jan 2017] DSA-3757-1 icedove - security update {CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905} [jessie] - icedove 1:45.6.0-1~deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-01-11 21:31:09 UTC (rev 47931) +++ data/dsa-needed.txt 2017-01-11 21:48:04 UTC (rev 47932) @@ -17,8 +17,6 @@ apache2 sf is working on an update, but needs extra testing due to invasive changes -- -bind9 (fw) --- graphicsmagick -- icoutils (carnil) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45857 - data/DSA
Author: fw Date: 2016-11-01 21:28:30 + (Tue, 01 Nov 2016) New Revision: 45857 Modified: data/DSA/list Log: DSA-3703-1 bind9 Modified: data/DSA/list === --- data/DSA/list 2016-11-01 21:10:11 UTC (rev 45856) +++ data/DSA/list 2016-11-01 21:28:30 UTC (rev 45857) @@ -1,3 +1,6 @@ +[01 Nov 2016] DSA-3703-1 bind9 - security update + {CVE-2016-8864} + [jessie] - bind9 1:9.9.5.dfsg-9+deb8u8 [01 Nov 2016] DSA-3702-1 tar - security update {CVE-2016-6321} [jessie] - tar 1.27.1-2+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45599 - data/DSA
Author: fw Date: 2016-10-25 18:31:02 + (Tue, 25 Oct 2016) New Revision: 45599 Modified: data/DSA/list Log: Summary: DSA-3701-1 nginx Modified: data/DSA/list === --- data/DSA/list 2016-10-25 18:12:43 UTC (rev 45598) +++ data/DSA/list 2016-10-25 18:31:02 UTC (rev 45599) @@ -1,3 +1,6 @@ +[25 Oct 2016] DSA-3701-1 nginx - security update + {CVE-2016-1247} + [jessie] - nginx 1.6.2-5+deb8u3 [25 Oct 2016] DSA-3700-1 asterisk - security update {CVE-2015-3008 CVE-2016-2232 CVE-2016-2316 CVE-2016-7551} [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45435 - data/CVE
Author: fw Date: 2016-10-18 20:15:04 + (Tue, 18 Oct 2016) New Revision: 45435 Modified: data/CVE/list Log: CVE-2016-1245 quagga fixed Modified: data/CVE/list === --- data/CVE/list 2016-10-18 19:46:53 UTC (rev 45434) +++ data/CVE/list 2016-10-18 20:15:04 UTC (rev 45435) @@ -24317,7 +24317,7 @@ NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 (4.037) CVE-2016-1245 RESERVED - - quagga (bug #841162) + - quagga 1.0.20160315-3 (bug #841162) NOTE: Fixed by: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45434 - data/DSA
Author: fw Date: 2016-10-18 19:46:53 + (Tue, 18 Oct 2016) New Revision: 45434 Modified: data/DSA/list Log: Summary: DSA-3695-1 quagga Modified: data/DSA/list === --- data/DSA/list 2016-10-18 19:16:58 UTC (rev 45433) +++ data/DSA/list 2016-10-18 19:46:53 UTC (rev 45434) @@ -1,3 +1,6 @@ +[18 Oct 2016] DSA-3695-1 quagga - security update + {CVE-2016-1245} + [jessie] - quagga 0.99.23.1-1+deb8u3 [18 Oct 2016] DSA-3694-1 tor - security update [jessie] - tor 0.2.5.12-3 [14 Oct 2016] DSA-3693-1 libgd2 - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45088 - in data: . DSA
Author: fw Date: 2016-10-05 19:24:06 + (Wed, 05 Oct 2016) New Revision: 45088 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3688-1 nss Modified: data/DSA/list === --- data/DSA/list 2016-10-05 19:21:26 UTC (rev 45087) +++ data/DSA/list 2016-10-05 19:24:06 UTC (rev 45088) @@ -1,3 +1,6 @@ +[05 Oct 2016] DSA-3688-1 nss - security update + {CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834} + [jessie] - nss 2:3.26-1+debu8u1 [05 Oct 2016] DSA-3687-1 nspr - security update {CVE-2016-1951} [jessie] - nspr 2:4.12-1+debu8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-10-05 19:21:26 UTC (rev 45087) +++ data/dsa-needed.txt 2016-10-05 19:24:06 UTC (rev 45088) @@ -24,8 +24,6 @@ -- linux -- -nss (fw) --- php5 -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
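Review bot: The added line "[jessie] - nss 2:3.26-1+debu8u1" spells the suffix "+debu8u1", where the other jessie entries in this list use "+deb8uN"; the nspr context line just below it has the same spelling. If that is the version string that was actually uploaded, it has to stay as written to match the package, but it is worth confirming against the archive rather than assuming either way.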
[Secure-testing-commits] r45086 - data/DSA
Author: fw Date: 2016-10-05 18:44:32 + (Wed, 05 Oct 2016) New Revision: 45086 Modified: data/DSA/list Log: Summary: DSA-3686-1 icedove Modified: data/DSA/list === --- data/DSA/list 2016-10-05 18:42:32 UTC (rev 45085) +++ data/DSA/list 2016-10-05 18:44:32 UTC (rev 45086) @@ -1,6 +1,9 @@ [05 Oct 2016] DSA-3687-1 nspr - security update {CVE-2016-1951} [jessie] - nspr 2:4.12-1+debu8u1 +[05 Oct 2016] DSA-3686-1 icedove - security update + {CVE-2016-2836} + [jessie] - icedove 1:45.3.0-1~deb8u1 [04 Oct 2016] DSA-3685-1 libav - security update {CVE-2016-7424} [jessie] - libav 6:11.8-1~deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45085 - data/DSA
Author: fw Date: 2016-10-05 18:42:32 + (Wed, 05 Oct 2016) New Revision: 45085 Modified: data/DSA/list Log: Summary: Correct DSA number Modified: data/DSA/list === --- data/DSA/list 2016-10-05 18:35:38 UTC (rev 45084) +++ data/DSA/list 2016-10-05 18:42:32 UTC (rev 45085) @@ -1,4 +1,4 @@ -[05 Oct 2016] DSA-3686-1 nspr - security update +[05 Oct 2016] DSA-3687-1 nspr - security update {CVE-2016-1951} [jessie] - nspr 2:4.12-1+debu8u1 [04 Oct 2016] DSA-3685-1 libav - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45084 - in data: . DSA
Author: fw Date: 2016-10-05 18:35:38 + (Wed, 05 Oct 2016) New Revision: 45084 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3686-1 nspr Modified: data/DSA/list === --- data/DSA/list 2016-10-05 18:22:15 UTC (rev 45083) +++ data/DSA/list 2016-10-05 18:35:38 UTC (rev 45084) @@ -1,3 +1,6 @@ +[05 Oct 2016] DSA-3686-1 nspr - security update + {CVE-2016-1951} + [jessie] - nspr 2:4.12-1+debu8u1 [04 Oct 2016] DSA-3685-1 libav - security update {CVE-2016-7424} [jessie] - libav 6:11.8-1~deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-10-05 18:22:15 UTC (rev 45083) +++ data/dsa-needed.txt 2016-10-05 18:35:38 UTC (rev 45084) @@ -24,8 +24,6 @@ -- linux -- -nspr (fw) --- nss (fw) -- php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45007 - data/DSA
Author: fw Date: 2016-10-03 17:05:00 + (Mon, 03 Oct 2016) New Revision: 45007 Modified: data/DSA/list Log: Summary: DSA-3684-1 libdbd-mysql-perl Modified: data/DSA/list === --- data/DSA/list 2016-10-03 17:04:44 UTC (rev 45006) +++ data/DSA/list 2016-10-03 17:05:00 UTC (rev 45007) @@ -1,3 +1,6 @@ +[03 Oct 2016] DSA-3684-1 libdbd-mysql-perl - security update + {CVE-2016-1246} + [jessie] - libdbd-mysql-perl 4.028-2+deb8u2 [02 Oct 2016] DSA-3683-1 chromium-browser - security update {CVE-2016-5177 CVE-2016-5178} [jessie] - chromium-browser 53.0.2785.143-1~deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r45006 - data/CVE
Author: fw Date: 2016-10-03 17:04:44 + (Mon, 03 Oct 2016) New Revision: 45006 Modified: data/CVE/list Log: Summary: CVE-2016-1246 is low Caught by _FORTIFY_SOURCE=2 (verified on jessie). Modified: data/CVE/list === --- data/CVE/list 2016-10-03 15:53:26 UTC (rev 45005) +++ data/CVE/list 2016-10-03 17:04:44 UTC (rev 45006) @@ -23349,7 +23349,7 @@ RESERVED CVE-2016-1246 RESERVED - - libdbd-mysql-perl 4.037-1 + - libdbd-mysql-perl 4.037-1 (low) NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 (4.037) CVE-2016-1245 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
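Review bot: The "(low)" added to the libdbd-mysql-perl 4.037-1 line rests on reasoning that appears only in the log message, "Caught by _FORTIFY_SOURCE=2 (verified on jessie)". Put that in a NOTE: line under CVE-2016-1246 so the justification is visible in data/CVE/list itself, and state that the check was made on jessie so the rating is not read as covering other releases.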
[Secure-testing-commits] r44969 - data
Author: fw Date: 2016-10-02 20:50:13 + (Sun, 02 Oct 2016) New Revision: 44969 Modified: data/dsa-needed.txt Log: Summary: nspr needs an update as well Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-10-02 20:09:40 UTC (rev 44968) +++ data/dsa-needed.txt 2016-10-02 20:50:13 UTC (rev 44969) @@ -29,6 +29,8 @@ -- linux -- +nspr (fw) +-- nss (fw) -- php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44968 - data/CVE
Author: fw Date: 2016-10-02 20:09:40 + (Sun, 02 Oct 2016) New Revision: 44968 Modified: data/CVE/list Log: Summary: nspr, nss unprotected environment variables Modified: data/CVE/list === --- data/CVE/list 2016-10-02 18:43:44 UTC (rev 44967) +++ data/CVE/list 2016-10-02 20:09:40 UTC (rev 44968) @@ -1,3 +1,8 @@ +CVE-2016- [nspr, nss: unprotected environment variables] + - nspr 2:4.12-1 (low) + - nss 2:3.23-1 (low) + NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes + NOTE: http://www.openwall.com/lists/oss-security/2016/10/02/4 CVE-2016- [ghostscript: various sandbox escapes] - ghostscript (high; bug #839260) NOTE: http://www.openwall.com/lists/oss-security/2016/09/29/3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44949 - data/CVE
Author: fw Date: 2016-09-30 21:42:18 + (Fri, 30 Sep 2016) New Revision: 44949 Modified: data/CVE/list Log: Summary: New ghostscript issues Modified: data/CVE/list === --- data/CVE/list 2016-09-30 21:35:43 UTC (rev 44948) +++ data/CVE/list 2016-09-30 21:42:18 UTC (rev 44949) @@ -1,3 +1,8 @@ +CVE-2016- [ghostscript: various sandbox escapes] + - ghostscript (high; bug #839260) + NOTE: http://www.openwall.com/lists/oss-security/2016/09/29/3 + NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697169 + NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697178 CVE-2016-8390 RESERVED CVE-2016-8389 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44945 - in data: CVE DSA
Author: fw Date: 2016-09-30 19:15:50 + (Fri, 30 Sep 2016) New Revision: 44945 Modified: data/CVE/list data/DSA/list Log: DSA-3682-1 c-ares Unstable has already been fixed. Modified: data/CVE/list === --- data/CVE/list 2016-09-30 16:48:52 UTC (rev 44944) +++ data/CVE/list 2016-09-30 19:15:50 UTC (rev 44945) @@ -10195,7 +10195,7 @@ RESERVED CVE-2016-5180 [c-ares: OOB write in ares_create_query and ares_mkquery] RESERVED - - c-ares (medium; bug #839151) + - c-ares 1.12.0-1 (medium; bug #839151) NOTE: https://c-ares.haxx.se/adv_20160929.html NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch CVE-2016-5179 Modified: data/DSA/list === --- data/DSA/list 2016-09-30 16:48:52 UTC (rev 44944) +++ data/DSA/list 2016-09-30 19:15:50 UTC (rev 44945) @@ -1,3 +1,6 @@ +[30 Sep 2016] DSA-3682-1 c-ares - security update + {CVE-2016-5180} + [jessie] - c-ares 1.10.0-2+deb8u1 [29 Sep 2016] DSA-3681-1 wordpress - security update {CVE-2016-4029 CVE-2016-6634 CVE-2016-6635 CVE-2016-7168 CVE-2016-7169} [jessie] - wordpress 4.1+dfsg-1+deb8u10 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44928 - data/DSA
Author: fw Date: 2016-09-27 18:41:43 + (Tue, 27 Sep 2016) New Revision: 44928 Modified: data/DSA/list Log: DSA-3680-1 bind9 Modified: data/DSA/list === --- data/DSA/list 2016-09-27 18:20:48 UTC (rev 44927) +++ data/DSA/list 2016-09-27 18:41:43 UTC (rev 44928) @@ -1,3 +1,6 @@ +[27 Sep 2016] DSA-3680-1 bind9 - security update + {CVE-2016-2775 CVE-2016-2776} + [jessie] - bind9 1:9.9.5.dfsg-9+deb8u7 [27 Sep 2016] DSA-3679-1 jackrabbit - security update {CVE-2016-6801} [jessie] - jackrabbit 2.3.6-1+deb8u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44926 - data/CVE
Author: fw Date: 2016-09-27 17:24:53 + (Tue, 27 Sep 2016) New Revision: 44926 Modified: data/CVE/list Log: Summary: CVE-2016-2776 bind9 Modified: data/CVE/list === --- data/CVE/list 2016-09-27 13:17:45 UTC (rev 44925) +++ data/CVE/list 2016-09-27 17:24:53 UTC (rev 44926) @@ -17350,8 +17350,9 @@ RESERVED CVE-2016-2777 REJECTED -CVE-2016-2776 +CVE-2016-2776 [BIND assertion failure due to crafted query] RESERVED + - bind9 (bug #839010) CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...) - bind9 (bug #831796) [jessie] - bind9 (Minor issue; lwresd not commonly used) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r44922 - data/DSA
Author: fw Date: 2016-09-27 10:27:51 + (Tue, 27 Sep 2016) New Revision: 44922 Modified: data/DSA/list Log: Summary: DSA-3679-1 jackrabbit Modified: data/DSA/list === --- data/DSA/list 2016-09-27 10:26:00 UTC (rev 44921) +++ data/DSA/list 2016-09-27 10:27:51 UTC (rev 44922) @@ -1,3 +1,6 @@ +[27 Sep 2016] DSA-3679-1 jackrabbit - security update + {CVE-2016-6801} + [jessie] - jackrabbit 2.3.6-1+deb8u2 [26 Sep 2016] DSA-3678-1 python-django - security update {CVE-2016-7401} [jessie] - python-django 1.7.11-1+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40957 - data/DSA
Author: fw Date: 2016-04-16 20:59:07 + (Sat, 16 Apr 2016) New Revision: 40957 Modified: data/DSA/list Log: DSA-3551-1 fuseiso Modified: data/DSA/list === --- data/DSA/list 2016-04-16 15:51:08 UTC (rev 40956) +++ data/DSA/list 2016-04-16 20:59:07 UTC (rev 40957) @@ -1,3 +1,6 @@ +[16 Apr 2016] DSA-3551-1 fuseiso - security update + {CVE-2015-8836 CVE-2015-8837} + [wheezy] - fuseiso 20070708-3+deb7u1 [15 Apr 2016] DSA-3550-1 openssh - security update {CVE-2015-8325} [wheezy] - openssh 1:6.0p1-4+deb7u4 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37902 - data/DSA
Author: fw Date: 2015-11-25 21:24:22 + (Wed, 25 Nov 2015) New Revision: 37902 Modified: data/DSA/list Log: DSA-3405-1 smokeping Modified: data/DSA/list === --- data/DSA/list 2015-11-25 21:10:12 UTC (rev 37901) +++ data/DSA/list 2015-11-25 21:24:22 UTC (rev 37902) @@ -1,3 +1,7 @@ +[25 Nov 2015] DSA-3405-1 smokeping - security update + {CVE-2015-0859} + [wheezy] - smokeping 2.6.8-2+deb7u1 + [jessie] - smokeping 2.6.9-1+deb8u1 [25 Nov 2015] DSA-3404-1 python-django - security update {CVE-2015-8213} [wheezy] - python-django 1.4.5-1+deb7u14 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37536 - in data: . DSA
Author: fw Date: 2015-11-03 20:59:53 + (Tue, 03 Nov 2015) New Revision: 37536 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3391-1 php-horde Modified: data/DSA/list === --- data/DSA/list 2015-11-03 20:43:59 UTC (rev 37535) +++ data/DSA/list 2015-11-03 20:59:53 UTC (rev 37536) @@ -1,3 +1,5 @@ +[03 Nov 2015] DSA-3391-1 php-horde - security update + [jessie] - php-horde 5.2.1+debian0-2+deb8u2 [02 Nov 2015] DSA-3355-2 libvdpau - regression update [jessie] - libvdpau 0.8-3+deb8u2 [02 Nov 2015] DSA-3390-1 xen - security update Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2015-11-03 20:43:59 UTC (rev 37535) +++ data/dsa-needed.txt 2015-11-03 20:59:53 UTC (rev 37536) @@ -55,9 +55,6 @@ -- pdns/oldstable -- -php-horde - Maintainer prepared update --- smarty3 -- squid/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37490 - in data: . DSA
Author: fw Date: 2015-11-01 21:03:25 + (Sun, 01 Nov 2015) New Revision: 37490 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3387-1 openafs Modified: data/DSA/list === --- data/DSA/list 2015-11-01 17:13:28 UTC (rev 37489) +++ data/DSA/list 2015-11-01 21:03:25 UTC (rev 37490) @@ -1,3 +1,7 @@ +[01 Nov 2015] DSA-3387-1 openafs - security update + {CVE-2015-7762 CVE-2015-7763} + [wheezy] - openafs 1.6.1-3+deb7u5 + [jessie] - openafs 1.6.9-2+deb8u4 [31 Oct 2015] DSA-3386-1 unzip - security update {CVE-2015-7696 CVE-2015-7697} [wheezy] - unzip 6.0-8+deb7u4 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2015-11-01 17:13:28 UTC (rev 37489) +++ data/dsa-needed.txt 2015-11-01 21:03:25 UTC (rev 37490) @@ -51,9 +51,6 @@ -- ntp -- -openafs - Maintainer can prepare updated packages --- openjdk-6 (jmm) -- openswan (corsac) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37376 - data/CVE
Author: fw Date: 2015-10-27 18:10:14 + (Tue, 27 Oct 2015) New Revision: 37376 Modified: data/CVE/list Log: CVE-2015-7803 CVE-2015-7804: update severity Modified: data/CVE/list === --- data/CVE/list 2015-10-27 17:35:39 UTC (rev 37375) +++ data/CVE/list 2015-10-27 18:10:14 UTC (rev 37376) @@ -605,11 +605,11 @@ NOTE: http://symfony.com/blog/security-release-twig-1-20-0 CVE-2015-7804 [Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"] RESERVED - - php5 5.6.14+dfsg-1 + - php5 5.6.14+dfsg-1 (medium) NOTE: https://bugs.php.net/bug.php?id=70433 CVE-2015-7803 [Null pointer dereference in phar_get_fp_offset()] RESERVED - - php5 5.6.14+dfsg-1 + - php5 5.6.14+dfsg-1 (low) NOTE: https://bugs.php.net/bug.php?id=69720 CVE-2015-7764 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37377 - in data: . DSA
Author: fw Date: 2015-10-27 18:29:01 + (Tue, 27 Oct 2015) New Revision: 37377 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3380-1 php5 Modified: data/DSA/list === --- data/DSA/list 2015-10-27 18:10:14 UTC (rev 37376) +++ data/DSA/list 2015-10-27 18:29:01 UTC (rev 37377) @@ -1,3 +1,7 @@ +[27 Oct 2015] DSA-3380-1 php5 - security update + {CVE-2015-7803 CVE-2015-7804} + [wheezy] - php5 5.4.45-0+deb7u2 + [jessie] - php5 5.6.14+dfsg-0+deb8u1 [25 Oct 2015] DSA-3379-1 miniupnpc - security update {CVE-2015-6031} [wheezy] - miniupnpc 1.5-2+deb7u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2015-10-27 18:10:14 UTC (rev 37376) +++ data/dsa-needed.txt 2015-10-27 18:29:01 UTC (rev 37377) @@ -63,9 +63,6 @@ -- pdns/oldstable -- -php5 - Maintainer proposed updates for wheezy- and jessie-security --- phpmyadmin (thijs) -- smarty3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r37114 - data/CVE
Author: fw Date: 2015-10-14 18:19:04 + (Wed, 14 Oct 2015) New Revision: 37114 Modified: data/CVE/list Log: CVE-2015-0856 sddm Modified: data/CVE/list === --- data/CVE/list 2015-10-14 14:30:29 UTC (rev 37113) +++ data/CVE/list 2015-10-14 18:19:04 UTC (rev 37114) @@ -19866,8 +19866,10 @@ RESERVED CVE-2015-0857 RESERVED -CVE-2015-0856 +CVE-2015-0856 [sddm: prevent KDE's crash handler from kicking in] RESERVED + - sddm (low) + NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593 CVE-2015-0855 RESERVED CVE-2015-0854 [Insecure use of system()] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
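Review bot: The bracketed description added for CVE-2015-0856, "sddm: prevent KDE's crash handler from kicking in", describes the fix rather than the flaw; a short statement of what goes wrong when the crash handler runs would serve readers of the tracker better. The NOTE: line also gives an abbreviated commit id (4cfed6b0a625593), while other NOTE entries in this file, such as the DBD-mysql and quagga ones, give the full hash.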
[Secure-testing-commits] r36428 - data/CVE
Author: fw Date: 2015-09-02 20:52:50 + (Wed, 02 Sep 2015) New Revision: 36428 Modified: data/CVE/list Log: CVE-2015-5738 openssl not-affected Modified: data/CVE/list === --- data/CVE/list 2015-09-02 16:54:41 UTC (rev 36427) +++ data/CVE/list 2015-09-02 20:52:50 UTC (rev 36428) @@ -2401,8 +2401,9 @@ RESERVED CVE-2015-5742 RESERVED -CVE-2015-5738 +CVE-2015-5738 [RSA-CRT key leak in custom version of OpenSSL] RESERVED + - openssl (OpenSSL upstream is not affected) CVE-2015-5959 RESERVED - froxlor (bug #581792) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r36389 - org
Author: fw Date: 2015-08-31 18:57:36 + (Mon, 31 Aug 2015) New Revision: 36389 Modified: org/security-frontdesk.2015.txt Log: Summary: Volunteering for the frontdesk Modified: org/security-frontdesk.2015.txt === --- org/security-frontdesk.2015.txt 2015-08-31 10:31:08 UTC (rev 36388) +++ org/security-frontdesk.2015.txt 2015-08-31 18:57:36 UTC (rev 36389) @@ -40,7 +40,7 @@ From 05-10 to 11-10:geissert From 12-10 to 18-10:corsac From 19-10 to 25-10:thijs -From 26-10 to 01-11: +From 26-10 to 01-11:fw From 02-11 to 08-11: From 09-11 to 15-11: From 16-11 to 22-11: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r36286 - data/CVE
Author: fw Date: 2015-08-25 08:36:10 + (Tue, 25 Aug 2015) New Revision: 36286 Modified: data/CVE/list Log: CVE-2015-5229 glibc eglibc is specific to RHEL 6.7 Modified: data/CVE/list === --- data/CVE/list 2015-08-25 08:34:43 UTC (rev 36285) +++ data/CVE/list 2015-08-25 08:36:10 UTC (rev 36286) @@ -3403,9 +3403,8 @@ RESERVED CVE-2015-5229 [could return memory areas which contain non-zero bytes] RESERVED - - glibc unfixed - - eglibc removed - TODO: check + - glibc not-affected (RHEL-specific backport) + - eglibc not-affected (RHEL-specific backport) CVE-2015-5228 RESERVED CVE-2015-5227 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r36070 - data/CVE
Author: fw Date: 2015-08-14 18:45:08 + (Fri, 14 Aug 2015) New Revision: 36070 Modified: data/CVE/list Log: Summary: CVE-2015-5180 is low Modified: data/CVE/list === --- data/CVE/list 2015-08-14 18:01:04 UTC (rev 36069) +++ data/CVE/list 2015-08-14 18:45:08 UTC (rev 36070) @@ -2041,9 +2041,9 @@ RESERVED CVE-2015-5180 [DNS resolver NULL pointer dereference with crafted record type] RESERVED - - glibc unfixed + - glibc unfixed (low) [jessie] - glibc no-dsa (Minor issue) - - eglibc removed + - eglibc removed (low) [wheezy] - eglibc no-dsa (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18784 CVE-2015-5179 [non-printable characters aren't check in every case of user data] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r36073 - /
Author: fw Date: 2015-08-14 18:51:57 + (Fri, 14 Aug 2015) New Revision: 36073 Modified: Makefile Log: Summary: Makefile: Remove sparc from the sid architecture list Modified: Makefile === --- Makefile2015-08-14 18:49:49 UTC (rev 36072) +++ Makefile2015-08-14 18:51:57 UTC (rev 36073) @@ -11,7 +11,7 @@ wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 jessie_ARCHS = amd64 arm64 armel armhf i386 mips mipsel powerpc ppc64el s390x stretch_ARCHS = amd64 arm64 armel armhf i386 mips mipsel powerpc ppc64el s390x -sid_ARCHS = amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc ppc64el s390x sparc +sid_ARCHS = amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc ppc64el s390x OLDOLDSTABLE = squeeze OLDSTABLE= wheezy ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r36074 - doc
Author: fw Date: 2015-08-14 19:13:25 + (Fri, 14 Aug 2015) New Revision: 36074 Modified: doc/soriano.txt Log: Summary: soriano: Mention .curlrc Modified: doc/soriano.txt === --- doc/soriano.txt 2015-08-14 18:51:57 UTC (rev 36073) +++ doc/soriano.txt 2015-08-14 19:13:25 UTC (rev 36074) @@ -37,6 +37,10 @@ ca-certificate=/etc/ssl/ca-global/ca-certificates.crt +~sectracker/.curlrc contains a similar setting: + +capath=/etc/ssl/ca-global + Web server -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
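Review bot: The added text calls capath=/etc/ssl/ca-global "a similar setting" to the ca-certificate=/etc/ssl/ca-global/ca-certificates.crt line above it, but the two are different kinds of trust store: the first names a bundle file, while curl's capath names a directory that is searched by hashed certificate file names. The document should say that /etc/ssl/ca-global has to contain the hashed links for curl to find anything there, so that an admin who maintains only the bundle file does not assume both tools are covered.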
[Secure-testing-commits] r35547 - in data: CVE DSA
Author: fw Date: 2015-07-18 12:13:25 + (Sat, 18 Jul 2015) New Revision: 35547 Modified: data/CVE/list data/DSA/list Log: CVE-2014-8873 DSA-3235-1 in openjdk-7, openjdk-8 Modified: data/CVE/list === --- data/CVE/list 2015-07-18 11:22:09 UTC (rev 35546) +++ data/CVE/list 2015-07-18 12:13:25 UTC (rev 35547) @@ -17963,8 +17963,18 @@ NOT-FOR-US: Revive Adserver CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses ...) NOT-FOR-US: TYPO3 Extension ke_questionnaire -CVE-2014-8873 +CVE-2014-8873 [MIME type registration for JAR files in the Debian OpenJDK packages enable user-initiated remote code execution] RESERVED + - openjdk-8 8u45-b14-1 (high) + - openjdk-7 7u79-2.5.5-1 (high) + - openjdk-6 removed (high) + [squeeze] - openjdk-6 not-affected (MIME type setting is harmless on squeeze) + [wheezy] - openjdk-6 not-affected (MIME type setting is harmless on wheezy) + [squeeze] - openjdk-7 not-affected (MIME type setting is harmless on this squeeze) + [wheezy] - openjdk-7 not-affected (MIME type setting is harmless on wheezy) + NOTE: Starting with mime-support 3.53, MimeType entries in desktop + NOTE: files end up in /etc/mailcap, which introduces the user-initiated + NOTE: code execution. CVE-2014-8872 RESERVED CVE-2014-8871 Modified: data/DSA/list === --- data/DSA/list 2015-07-18 11:22:09 UTC (rev 35546) +++ data/DSA/list 2015-07-18 12:13:25 UTC (rev 35547) 
@@ -267,7 +267,7 @@ [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u4 [jessie] - libreoffice 1:4.3.3-2+deb8u1 [24 Apr 2015] DSA-3235-1 openjdk-7 - security update - {CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488} + {CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2014-8873} [wheezy] - openjdk-7 7u79-2.5.5-1~deb7u1 [jessie] - openjdk-7 7u79-2.5.5-1~deb8u1 [24 Apr 2015] DSA-3234-1 openjdk-6 - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
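Review bot: Two wording slips in the lines added under CVE-2014-8873 in data/CVE/list: the squeeze openjdk-7 annotation reads "harmless on this squeeze" (stray "this", the other three annotations do not have it), and the bracketed description says "MIME type registration ... enable", where the singular subject needs "enables".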
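Review bot: In the data/DSA/list hunk, CVE-2014-8873 is appended after CVE-2015-0488 on the DSA-3235-1 line, which leaves the id list out of order. If the brace lists in this file are kept sorted, it belongs at the front.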
[Secure-testing-commits] r34565 - bin lib/python
Author: fw Date: 2015-05-28 20:29:44 + (Thu, 28 May 2015) New Revision: 34565 Modified: bin/tracker_service.py lib/python/security_db.py Log: /data/json: Work around performance issue due to SQLite planner change Modified: bin/tracker_service.py === --- bin/tracker_service.py 2015-05-28 18:38:21 UTC (rev 34564) +++ bin/tracker_service.py 2015-05-28 20:29:44 UTC (rev 34565) @@ -1271,9 +1271,8 @@ SELECT sp.name, st.bug_name, (SELECT cve_desc FROM nvd_data WHERE cve_name = st.bug_name), -(SELECT debian_cve.bug FROM debian_cve -WHERE debian_cve.bug_name = st.bug_name -ORDER BY debian_cve.bug), +(SELECT MIN(debian_cve.bug) FROM debian_cve +WHERE debian_cve.bug_name = st.bug_name), sp.release, sp.subrelease, sp.version, (SELECT pn.fixed_version FROM package_notes AS pn Modified: lib/python/security_db.py === --- lib/python/security_db.py 2015-05-28 18:38:21 UTC (rev 34564) +++ lib/python/security_db.py 2015-05-28 20:29:44 UTC (rev 34565) @@ -518,11 +518,10 @@ cursor.execute( CREATE TEMPORARY VIEW debian_cve AS -SELECT DISTINCT debian_bugs.bug, st.bug_name +SELECT debian_bugs.bug, st.bug_name FROM package_notes, debian_bugs, source_package_status AS st WHERE package_notes.bug_name = st.bug_name -AND debian_bugs.note = package_notes.id -ORDER BY debian_bugs.bug) +AND debian_bugs.note = package_notes.id) def _initFunctions(self): Registers user-defined SQLite functions. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
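Review bot: In the bin/tracker_service.py hunk, the switch from the ORDER BY subquery to MIN(debian_cve.bug) carries no comment, so the reason (the SQLite planner change named in the log) is recorded only in the commit message. A short comment next to the subquery would keep a later cleanup from restoring the slow form. Note also that the two forms agree only while debian_bugs.bug is never NULL: SQLite sorts NULL first in ascending order, whereas MIN() skips NULLs.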
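Review bot: In the lib/python/security_db.py hunk, dropping DISTINCT from the debian_cve view means the view can now return the same (bug, bug_name) pair once per matching source_package_status row. The MIN() subquery changed in this commit is unaffected, but any other query that reads debian_cve should be checked for duplicate rows, and a comment at the view definition should say that callers are expected to aggregate.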
[Secure-testing-commits] r34474 - bin lib/python
Author: fw Date: 2015-05-24 19:36:19 + (Sun, 24 May 2015) New Revision: 34474 Modified: bin/tracker_service.py lib/python/security_db.py Log: Introduce named tuples BugsForSourcePackage, DSAsForSourcePackage Modified: bin/tracker_service.py === --- bin/tracker_service.py 2015-05-24 17:30:17 UTC (rev 34473) +++ bin/tracker_service.py 2015-05-24 19:36:19 UTC (rev 34474) @@ -587,8 +587,8 @@ self.db.cursor(), pkg): yield release, version def gen_bug_list(lst): -for (bug, description) in lst: -yield self.make_xref(url, bug), description +for bug in lst: +yield self.make_xref(url, bug.bug), bug.description suites = () for (release, version) in self.db.getSourcePackageVersions( @@ -597,10 +597,10 @@ suites = suites + (release,) def gen_summary(bugs): -for (bug, description) in bugs: +for bug in bugs: status = {} for (package, releases, version, vulnerable) \ -in self.db.getSourcePackages(self.db.cursor(), bug): +in self.db.getSourcePackages(self.db.cursor(), bug.bug): for release in releases: if package == pkg: if vulnerable == 1: @@ -615,7 +615,8 @@ status_row = status_row + (status[release],) else: status_row = status_row + (self.make_purple('unknown'),) -yield (self.make_xref(url, bug),) + status_row + (description,) +yield (self.make_xref(url, bug.bug),) + status_row \ ++ (bug.description,) return self.create_page( url, 'Information on source package ' + pkg, Modified: lib/python/security_db.py === --- lib/python/security_db.py 2015-05-24 17:30:17 UTC (rev 34473) +++ lib/python/security_db.py 2015-05-24 19:36:19 UTC (rev 34474) @@ -39,6 +39,8 @@ import types import zlib +from collections import namedtuple + import debian_support import dist_config 
@@ -98,6 +100,21 @@ The caller is expected to remove and regenerate the database. +def getBugsForSourcePackage(self, cursor, pkg, vulnerable, unimportant): +Returns a generator for a list of (BUG, DESCRIPTION) pairs +which have the requested status. Only bugs affecting supported +releases are returned. + +# Returned by DB.getBugsForSourcePackage(). +BugsForSourcePackage = namedtuple( +BugsForSourcePackage, +bug description) + +# Returned by DB.getDSAsForSourcePackage(). +DSAsForSourcePackage = namedtuple( +DSAsForSourcePackage, +bug description) + class DB: Access to the security database. @@ -1719,10 +1736,11 @@ return flag def getBugsForSourcePackage(self, cursor, pkg, vulnerable, unimportant): -Returns a generator for a list of (BUG, DESCRIPTION) pairs -which have the requested status. Only bugs affecting supported -releases are returned. -return cursor.execute( +Returns a generator for BugsForSourcePackage named tuples which +have the requested status. Only bugs affecting supported +releases are returned. + +for row in cursor.execute( SELECT DISTINCT name, description FROM (SELECT bugs.name AS name, bugs.description AS description, MAX(st.vulnerable 
@@ -1742,16 +1760,18 @@ AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%') GROUP BY bugs.name, bugs.description, sp.name) WHERE vulnerable = ? AND unimportant = ? -ORDER BY name DESC, (pkg, vulnerable, unimportant)) +ORDER BY name DESC, (pkg, vulnerable, unimportant)): +yield BugsForSourcePackage(*row) def getDSAsForSourcePackage(self, cursor, package): -return cursor.execute( +for row in cursor.execute( SELECT bugs.name, bugs.description FROM bugs, package_notes as p WHERE p.bug_name = bugs.name AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%') AND p.package = ? -ORDER BY bugs.release_date DESC, (package,)) +ORDER BY bugs.release_date DESC, (package,)): +yield DSAsForSourcePackage(*row) def getTODOs(self, cursor=None, hide_check=False): ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
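Review bot: In lib/python/security_db.py, the hunk at -98,6 +100,21 adds a def getBugsForSourcePackage(self, cursor, pkg, vulnerable, unimportant): line with the old docstring ahead of the namedtuple definitions and before class DB:, which looks like a leftover from moving the docstring. It takes self but sits outside the class and has nothing after the docstring, so it should be dropped. Separately, getBugsForSourcePackage and getDSAsForSourcePackage become generators here, so the query now runs on first iteration rather than at call time; the docstrings should say that the cursor passed in must not be reused until the result has been consumed. BugsForSourcePackage and DSAsForSourcePackage also have identical fields (bug description), so a comment on why two types are wanted would help.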
[Secure-testing-commits] r33091 - data/CVE
Author: fw Date: 2015-03-23 19:28:58 + (Mon, 23 Mar 2015) New Revision: 33091 Modified: data/CVE/list Log: CVE-2015-0841 libcapsinetwork monopd Modified: data/CVE/list === --- data/CVE/list 2015-03-23 19:22:36 UTC (rev 33090) +++ data/CVE/list 2015-03-23 19:28:58 UTC (rev 33091) @@ -4701,8 +4701,14 @@ RESERVED CVE-2015-0842 RESERVED -CVE-2015-0841 +CVE-2015-0841 [off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopd] RESERVED + - libcapsinetwork unfixed (bug #781044; low) + - monopd unfixed (bug #781043; low) + [squeeze] - libcapsinetwork no-dsa (not exploitable with dlmalloc) + [wheezy] - libcapsinetwork no-dsa (not exploitable with dlmalloc) + [squeeze] - monopd no-dsa (not exploitable with dlmalloc) + [wheezy] - monopd no-dsa (not exploitable with dlmalloc) CVE-2015-0840 RESERVED CVE-2015-0839 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32433 - data/CVE
Author: fw Date: 2015-02-23 11:45:02 + (Mon, 23 Feb 2015) New Revision: 32433 Modified: data/CVE/list Log: CVE-2014-8121 glibc Modified: data/CVE/list === --- data/CVE/list 2015-02-23 11:25:14 UTC (rev 32432) +++ data/CVE/list 2015-02-23 11:45:02 UTC (rev 32433) @@ -9685,8 +9685,10 @@ NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1 CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 ...) NOT-FOR-US: JBoss Weld -CVE-2014-8121 +CVE-2014-8121 [glibc: nss_files file management issue causes Samba infinite loop] RESERVED + - glibc unfixed (low) + - eglibc removed (low) CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...) NOT-FOR-US: Thermostat Hotspot instrumentation CVE-2014-8119 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32330 - data/CVE
Author: fw Date: 2015-02-18 21:23:42 + (Wed, 18 Feb 2015) New Revision: 32330 Modified: data/CVE/list Log: CVE-2015-1349: bind9 Modified: data/CVE/list === --- data/CVE/list 2015-02-18 21:13:10 UTC (rev 32329) +++ data/CVE/list 2015-02-18 21:23:42 UTC (rev 32330) @@ -1514,8 +1514,9 @@ NOT-FOR-US: sequelize CVE-2015-1354 RESERVED -CVE-2015-1349 +CVE-2015-1349 [bind9 crash in trust anchor management] RESERVED + - bind9 unfixed (low) CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...) NOT-FOR-US: Aruba Instant CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32329 - data/DSA
Author: fw Date: 2015-02-18 21:13:10 + (Wed, 18 Feb 2015) New Revision: 32329 Modified: data/DSA/list Log: DSA-3162-1 bind9 Modified: data/DSA/list === --- data/DSA/list 2015-02-18 21:10:15 UTC (rev 32328) +++ data/DSA/list 2015-02-18 21:13:10 UTC (rev 32329) @@ -1,3 +1,6 @@ +[18 Feb 2015] DSA-3162-1 bind9 - security update + {CVE-2015-1349} + [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u4 [11 Feb 2015] DSA-3161-1 dbus - security update {CVE-2015-0245} [wheezy] - dbus 1.6.8-1+deb7u6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31738 - data/CVE
Author: fw Date: 2015-01-27 15:19:29 + (Tue, 27 Jan 2015) New Revision: 31738 Modified: data/CVE/list Log: CVE-2015-0235 glibc, eglibc Modified: data/CVE/list === --- data/CVE/list 2015-01-27 12:58:43 UTC (rev 31737) +++ data/CVE/list 2015-01-27 15:19:29 UTC (rev 31738) @@ -4765,8 +4765,11 @@ NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b347c0c2a321ec5c20aae214927949832a288c5a NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e341435e5090677c67a0d3d4ca0393102054841f (v1.1.0-rc1) NOTE: http://security.libvirt.org/2015/0001.html -CVE-2015-0235 +CVE-2015-0235 [glibc: buffer overflow in gethostbyname] RESERVED + - eglibc 2.18-1 (high) + - glibc 2.18-1 (high) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=15014 CVE-2015-0234 RESERVED - dogtag-pki unfixed (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31739 - data/DSA
Author: fw Date: 2015-01-27 15:21:30 + (Tue, 27 Jan 2015) New Revision: 31739 Modified: data/DSA/list Log: DSA-3142-1 eglibc Modified: data/DSA/list === --- data/DSA/list 2015-01-27 15:19:29 UTC (rev 31738) +++ data/DSA/list 2015-01-27 15:21:30 UTC (rev 31739) @@ -1,3 +1,6 @@ +[27 Jan 2015] DSA-3142-1 eglibc - security update + {CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2015-0235} + [wheezy] - eglibc 2.13-38+deb7u7 [27 Jan 2015] DSA-3141-1 wireshark - security update {CVE-2015-0562 CVE-2015-0564} [wheezy] - wireshark 1.8.2-5wheezy14 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31490 - lib/python
Author: fw Date: 2015-01-18 11:00:10 + (Sun, 18 Jan 2015) New Revision: 31490 Modified: lib/python/security_db.py Log: security_db.Db.getUnreportedVulnerabilities(): New method Modified: lib/python/security_db.py === --- lib/python/security_db.py 2015-01-18 10:50:18 UTC (rev 31489) +++ lib/python/security_db.py 2015-01-18 11:00:10 UTC (rev 31490) @@ -1845,6 +1845,35 @@ st.bug_name 'TEMP-' AND st.bug_name LIKE 'TEMP-%' ORDER BY st.bug_name,(vulnerability,))) +def getUnreportedVulnerabilities(self, cursor=None): +Returns a list of pairs (BUG_NAME, DESCRIPTION) +of vulnerabilities which are unfixed in unstable and lack a filed bug. + +if cursor is None: +cursor = self.cursor() +last_bug = None +result = [] +for bug, pkg in cursor.execute( +SELECT DISTINCT source_package_status.bug_name, source_packages.name + FROM source_packages + JOIN source_package_status +ON source_packages.rowid = source_package_status.package + JOIN package_notes +ON source_packages.name = package_notes.package + AND package_notes.bug_name = source_package_status.bug_name + AND source_packages.release = 'sid' + AND package_notes.release = '' + WHERE source_package_status.bug_name LIKE 'CVE-%' + AND package_notes.urgency 'unimportant' + AND package_notes.rowid NOT IN (SELECT note FROM debian_bugs) + AND source_package_status.vulnerable + ORDER BY source_package_status.bug_name, source_packages.name): +if last_bug is None or last_bug bug: +last_bug = bug +result.append((bug, [])) +result[-1][1].append(pkg) +return result + def getITPs(self, cursor): Returns a generator for a list of unknown packages. Each entry has the form (PACKAGE, BUG-LIST, DEBIAN-BUG-LIST). ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
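Review bot: The docstring of getUnreportedVulnerabilities() promises pairs (BUG_NAME, DESCRIPTION), but the loop does result.append((bug, [])) and then result[-1][1].append(pkg), so callers get (BUG_NAME, [PACKAGE, ...]); the docstring should describe that shape. The grouping also relies on the trailing ORDER BY source_package_status.bug_name, source_packages.name keeping all rows for one bug adjacent, which deserves a one-line comment next to the last_bug check so the ORDER BY is not removed later as a tidy-up.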
[Secure-testing-commits] r31491 - bin
Author: fw Date: 2015-01-18 11:00:40 + (Sun, 18 Jan 2015) New Revision: 31491 Modified: bin/tracker_service.py Log: tracker_serve.py: New page status/unreported Modified: bin/tracker_service.py === --- bin/tracker_service.py 2015-01-18 11:00:10 UTC (rev 31490) +++ bin/tracker_service.py 2015-01-18 11:00:40 UTC (rev 31491) @@ -129,6 +129,7 @@ self.register('status/undetermined', self.page_status_undetermined) self.register('status/unimportant', self.page_status_unimportant) self.register('status/itp', self.page_status_itp) +self.register('status/unreported', self.page_status_unreported) self.register('data/unknown-packages', self.page_data_unknown_packages) self.register('data/missing-epochs', self.page_data_missing_epochs) self.register('data/latently-vulnerable', @@ -212,6 +213,7 @@ ('status/undetermined', 'Packages that may be vulnerable but need to be checked (undetermined issues)'), ('status/unimportant', 'Packages that have open unimportant issues'), ('status/itp', 'ITPs with potential security issues'), +('status/unreported', 'Open vulnerabilities without filed Debian bugs'), ('data/unknown-packages', 'Packages names not found in the archive'), ('data/fake-names', 'Tracked issues without a CVE name'), 
@@ -1015,6 +1017,18 @@ [make_table(gen(), caption=(Package, Issue, Debian Bugs), replacement=No ITP bugs are currently known.)]) +def page_status_unreported(self, path, params, url): +def gen(): +for (bug, packages) in self.db.getUnreportedVulnerabilities(): +pkgs = make_list([self.make_source_package_ref(url, pkg) + for pkg in packages], , ) +yield self.make_xref(url, bug), pkgs +return self.create_page( +url, Unfixed vulnerabilities in unstable without a filed bug, +[P(The list below contains vulnerabilities for which no matching +Debian bug has been filed, and there is still an unfixed package in sid.), + make_table(gen(), caption=(Bug, Packages))]) + def page_data_unknown_packages(self, path, params, url): def gen(): for name, bugs in self.db.getUnknownPackages(self.db.cursor()): ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
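Review bot: In page_status_unreported, make_table(gen(), caption=(Bug, Packages)) passes no replacement text, while the ITP page directly above it passes replacement=No ITP bugs are currently known.; passing one here as well would explain an empty list the same way. The index entry added in the -212,6 +213,7 hunk reads 'Open vulnerabilities without filed Debian bugs', whereas the page title and paragraph restrict the list to packages still unfixed in sid; the index text should mention unstable so the two agree.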
[Secure-testing-commits] r31416 - org
Author: fw Date: 2015-01-17 09:54:45 + (Sat, 17 Jan 2015) New Revision: 31416 Modified: org/agenda-2015.txt Log: List docker.io as a problematic package Modified: org/agenda-2015.txt === --- org/agenda-2015.txt 2015-01-17 09:54:10 UTC (rev 31415) +++ org/agenda-2015.txt 2015-01-17 09:54:45 UTC (rev 31416) @@ -105,6 +105,7 @@ == - Discuss list of open problematic packages (if not resolved by then) + * Docker - Start getting required in place for jessie-security: - buildds ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31436 - doc
Author: fw Date: 2015-01-17 17:04:18 + (Sat, 17 Jan 2015) New Revision: 31436 Modified: doc/soler.txt Log: Document the Subversion backup Modified: doc/soler.txt === --- doc/soler.txt 2015-01-17 17:01:04 UTC (rev 31435) +++ doc/soler.txt 2015-01-17 17:04:18 UTC (rev 31436) @@ -87,3 +87,11 @@ /org/security-tracker.debian.org/website/secure-testing/data. Code changes need to be applied manually, using svn update, and a service restart (see above). + +Subversion repository mirror + + +The Subversion repository is mirrored (including history) using +svnsync, to the /org/security-tracker.debian.org/subversion-backup +directory. The sectracker crontab contains an entry which runs +svnsync periodically. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
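Review bot: The new "Subversion repository mirror" section says the sectracker crontab runs svnsync periodically but gives neither the interval nor the source repository URL, and says nothing about how to check that the mirror is current or how to restore from it. Since this file already documents the manual svn update and service restart steps, adding those details here would make the backup usable by someone other than the person who set it up.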
[Secure-testing-commits] r31463 - data/CVE
Author: fw Date: 2015-01-17 22:44:19 + (Sat, 17 Jan 2015) New Revision: 31463 Modified: data/CVE/list Log: cronie is only in experimental Modified: data/CVE/list === --- data/CVE/list 2015-01-17 22:41:20 UTC (rev 31462) +++ data/CVE/list 2015-01-17 22:44:19 UTC (rev 31463) @@ -47711,7 +47711,7 @@ [squeeze] - moodle no-dsa (Minor issue) [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2 CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain ...) - - cronie unfixed (low; bug #697811) + [experimental] - cronie unfixed (low; bug #697811) NOTE: Only present in experimental NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096 CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31441 - data/packages
Author: fw Date: 2015-01-17 18:38:00 + (Sat, 17 Jan 2015) New Revision: 31441 Modified: data/packages/removed-packages Log: juju is no longer in the archive Modified: data/packages/removed-packages === --- data/packages/removed-packages 2015-01-17 18:31:27 UTC (rev 31440) +++ data/packages/removed-packages 2015-01-17 18:38:00 UTC (rev 31441) @@ -250,3 +250,4 @@ mysql-5.1 libpam-rsa passenger +juju ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31462 - data/CVE
Author: fw Date: 2015-01-17 22:41:20 + (Sat, 17 Jan 2015) New Revision: 31462 Modified: data/CVE/list Log: apport is only in experimental Modified: data/CVE/list === --- data/CVE/list 2015-01-17 22:39:14 UTC (rev 31461) +++ data/CVE/list 2015-01-17 22:41:20 UTC (rev 31462) @@ -44092,7 +44092,7 @@ [wheezy] - cinder not-affected (Vulnerable code not present) NOTE: Requires includedir to be defined in /etc/sudoers file CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...) - - apport 2.12.6-1 (bug #727661) + [experimental] - apport 2.12.6-1 (bug #727661) NOTE: apport only in experimental, so we cannot track this in security-tracker NOTE: add it, as we have a explicit bug reference for apport CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and ...) @@ -102679,7 +102679,7 @@ NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the NOTE: installer logs on disk CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu ...) - - apport not-affected (Fixed before initial upload into Debian) + [experimental] - apport not-affected (Fixed before initial upload into Debian) CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...) NOT-FOR-US: Novell Teaming CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
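Review bot: In the CVE-2013-1067 hunk, the unchanged NOTE lines under the edited entry still say "apport only in experimental, so we cannot track this in security-tracker". With the entry now written as [experimental] - apport 2.12.6-1 (bug #727661), that note reads as out of date and should be reworded or removed in the same commit, so the entry does not contradict itself.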
[Secure-testing-commits] r31458 - lib/python
Author: fw Date: 2015-01-17 22:26:24 + (Sat, 17 Jan 2015) New Revision: 31458 Modified: lib/python/debian_support.py Log: debian_support.Release: Add experimental as a pseudo-release At the start, to avoid issues with code assuming sid being last. Modified: lib/python/debian_support.py === --- lib/python/debian_support.py2015-01-17 22:04:01 UTC (rev 31457) +++ lib/python/debian_support.py2015-01-17 22:26:24 UTC (rev 31458) @@ -193,7 +193,8 @@ def listReleases(): releases = {} -rels = (potato, woody, sarge, etch, lenny, squeeze, wheezy, jessie, sid) +rels = (experimental, # For use in [brackets] in the list files. +potato, woody, sarge, etch, lenny, squeeze, wheezy, jessie, sid) for r in range(len(rels)): releases[rels[r]] = Release(rels[r], r) Release.releases = releases ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
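Review bot: Putting experimental first in rels gives it index 0 in Release(rels[r], r) and moves every real release up by one, so experimental now orders as older than potato. The log message gives the reason (code assuming sid is last), but the inline comment only says what the name is used for; the ordering rationale belongs in that comment too, and any caller that treats the lowest-numbered release as the oldest suite needs a check.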
[Secure-testing-commits] r31459 - data/packages
Author: fw Date: 2015-01-17 22:35:32 + (Sat, 17 Jan 2015) New Revision: 31459 Modified: data/packages/removed-packages Log: Treat dtc as a removed package Modified: data/packages/removed-packages === --- data/packages/removed-packages 2015-01-17 22:26:24 UTC (rev 31458) +++ data/packages/removed-packages 2015-01-17 22:35:32 UTC (rev 31459) @@ -455,3 +455,6 @@ rt2500 foomatic-gui mpfr + +# Packages in experimental which used to be in other suites. +dtc ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31472 - lib/python
Author: fw Date: 2015-01-17 23:38:45 + (Sat, 17 Jan 2015) New Revision: 31472 Modified: lib/python/security_db.py Log: security_db.DB._parseFile(): Only treat Extra-Source-Only: yes as skip-worthy Modified: lib/python/security_db.py === --- lib/python/security_db.py 2015-01-17 23:37:06 UTC (rev 31471) +++ lib/python/security_db.py 2015-01-17 23:38:45 UTC (rev 31472) @@ -524,7 +524,7 @@ elif name == Architecture: pkg_arch = contents elif name == Extra-Source-Only: -pkg_extra_source_only = True +pkg_extra_source_only = contents.strip() == yes if pkg_name is None: raise SyntaxError\ (package record does not contain package name) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
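Review bot: The new contents.strip() == yes test is an exact, case-sensitive match, so a record carrying Extra-Source-Only: Yes would no longer be skipped. If only the lower-case form is expected, a comment saying so, and naming the other value that prompted this change, would help; otherwise compare against contents.strip().lower().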
[Secure-testing-commits] r31461 - lib/python
Author: fw Date: 2015-01-17 22:39:14 + (Sat, 17 Jan 2015) New Revision: 31461 Modified: lib/python/security_db.py Log: security_db.DB.getUnknownPackages(): Filter out [experimental] We currently do not load package lists from the experimental source, so we cannot perform the typo check there. Modified: lib/python/security_db.py === --- lib/python/security_db.py 2015-01-17 22:37:47 UTC (rev 31460) +++ lib/python/security_db.py 2015-01-17 22:39:14 UTC (rev 31461) @@ -1809,6 +1809,7 @@ for (package, bug_name) in cursor.execute( SELECT DISTINCT package, bug_name FROM package_notes WHERE package_kind = 'unknown' +AND COALESCE (release, '') 'experimental' AND NOT EXISTS (SELECT * FROM removed_packages WHERE name = package) ORDER BY package, bug_name): ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
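Review bot: The added COALESCE (release, '') condition on 'experimental' drops every [experimental] note from the unknown-package check without leaving a trace in the code; the reason (package lists for experimental are not loaded, so the typo check cannot run there) is only in the log message. A comment next to the query, or in the getUnknownPackages() docstring, would make it clear that the filter should go away once those lists are loaded.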
[Secure-testing-commits] r31400 - /
Author: fw Date: 2015-01-16 20:46:55 + (Fri, 16 Jan 2015) New Revision: 31400 Modified: Makefile Log: Use the official URL for the HTTP mirror redirector Modified: Makefile === --- Makefile2015-01-16 19:43:16 UTC (rev 31399) +++ Makefile2015-01-16 20:46:55 UTC (rev 31400) @@ -5,7 +5,7 @@ # Adjust these if necessary. The architecture selection is rather # arbitrary at the moment. More architectures can be added later. -MIRROR = http://http.debian.net/debian/ +MIRROR = http://httpredir.debian.org/debian/ squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64 squeeze_LTS_ARCHS = amd64 i386 wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
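Review bot: The replacement MIRROR value is still a plain http:// URL, now pointing at a redirector. The package lists fetched from it feed the tracker's data, so it is worth confirming, and stating in the comment above MIRROR, that the download step checks the lists against the archive's signed Release files rather than trusting the transport.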
[Secure-testing-commits] r30864 - data/DSA
Author: fw Date: 2014-12-20 18:17:58 + (Sat, 20 Dec 2014) New Revision: 30864 Modified: data/DSA/list Log: DSA-3107-1 subversion Modified: data/DSA/list === --- data/DSA/list 2014-12-20 16:40:17 UTC (rev 30863) +++ data/DSA/list 2014-12-20 18:17:58 UTC (rev 30864) @@ -1,3 +1,6 @@ +[20 Dec 2014] DSA-3107-1 subversion - security update + {CVE-2014-3580} + [wheezy] - subversion 1.6.17dfsg-4+deb7u7 [20 Dec 2014] DSA-3106-1 jasper - security update {CVE-2014-8137 CVE-2014-8138} [wheezy] - jasper 1.900.1-13+deb7u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30869 - data/DSA
Author: fw Date: 2014-12-20 20:22:29 + (Sat, 20 Dec 2014) New Revision: 30869 Modified: data/DSA/list Log: DSA-3108-1 ntp Modified: data/DSA/list === --- data/DSA/list 2014-12-20 20:19:44 UTC (rev 30868) +++ data/DSA/list 2014-12-20 20:22:29 UTC (rev 30869) @@ -1,3 +1,6 @@ +[20 Dec 2014] DSA-3108-1 ntp - security update + {CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296} + [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u1 [20 Dec 2014] DSA-3107-1 subversion - security update {CVE-2014-3580} [wheezy] - subversion 1.6.17dfsg-4+deb7u7 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30871 - data/DSA
Author: fw Date: 2014-12-20 20:48:53 + (Sat, 20 Dec 2014) New Revision: 30871 Modified: data/DSA/list Log: DSA-3107-2 subversion Modified: data/DSA/list === --- data/DSA/list 2014-12-20 20:46:32 UTC (rev 30870) +++ data/DSA/list 2014-12-20 20:48:53 UTC (rev 30871) @@ -1,3 +1,5 @@ +[20 Dec 2014] DSA-3107-2 subversion - regression update + [wheezy] - subversion 1.6.17dfsg-4+deb7u8 [20 Dec 2014] DSA-3108-1 ntp - security update {CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30775 - data/DSA
Author: fw Date: 2014-12-16 17:37:24 + (Tue, 16 Dec 2014) New Revision: 30775 Modified: data/DSA/list Log: DSA-3104-1 bsd-mailx Modified: data/DSA/list === --- data/DSA/list 2014-12-16 16:02:40 UTC (rev 30774) +++ data/DSA/list 2014-12-16 17:37:24 UTC (rev 30775) @@ -1,3 +1,6 @@ +[16 Dec 2014] DSA-3104-1 bsd-mailx - security update + {CVE-2014-7844} + [wheezy] - bsd-mailx 8.1.2-0.2006cvs-1+deb7u1 [13 Dec 2014] DSA-3103-1 libyaml-libyaml-perl - security update {CVE-2014-9130} [wheezy] - libyaml-libyaml-perl 0.38-3+deb7u3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30776 - data/DSA
Author: fw Date: 2014-12-16 17:38:07 + (Tue, 16 Dec 2014) New Revision: 30776 Modified: data/DSA/list Log: DSA-3105-1 heirloom-mailx Modified: data/DSA/list === --- data/DSA/list 2014-12-16 17:37:24 UTC (rev 30775) +++ data/DSA/list 2014-12-16 17:38:07 UTC (rev 30776) @@ -1,3 +1,6 @@ +[16 Dec 2014] DSA-3105-1 heirloom-mailx - security update + {CVE-2004-2771 CVE-2014-7844} + [wheezy] - heirloom-mailx 12.5-2+deb7u1 [16 Dec 2014] DSA-3104-1 bsd-mailx - security update {CVE-2014-7844} [wheezy] - bsd-mailx 8.1.2-0.2006cvs-1+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30681 - data/DSA
Author: fw Date: 2014-12-11 20:49:27 + (Thu, 11 Dec 2014) New Revision: 30681 Modified: data/DSA/list Log: DSA-3099-1 dbus Modified: data/DSA/list === --- data/DSA/list 2014-12-11 19:07:24 UTC (rev 30680) +++ data/DSA/list 2014-12-11 20:49:27 UTC (rev 30681) @@ -1,3 +1,6 @@ +[11 Dec 2014] DSA-3099-1 dbus - security update + {CVE-2014-7824} + [wheezy] - dbus 1.6.8-1+deb7u5 [11 Dec 2014] DSA-3098-1 graphviz - security update {CVE-2014-9157} [wheezy] - graphviz 2.26.3-14+deb7u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30480 - data/DSA
Author: fw Date: 2014-12-01 20:10:50 + (Mon, 01 Dec 2014) New Revision: 30480 Modified: data/DSA/list Log: DSA-3084-1 openvpn Modified: data/DSA/list === --- data/DSA/list 2014-12-01 18:54:03 UTC (rev 30479) +++ data/DSA/list 2014-12-01 20:10:50 UTC (rev 30480) @@ -1,3 +1,6 @@ +[01 Dec 2014] DSA-3084-1 openvpn - security update + {CVE-2014-8104} + [wheezy] - openvpn 2.2.1-8+deb7u3 [30 Nov 2014] DSA-3083-1 mutt - security update {CVE-2014-9116} [wheezy] - mutt 1.5.21-6.2+deb7u3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30431 - lib/python
Author: fw Date: 2014-11-29 10:36:07 + (Sat, 29 Nov 2014) New Revision: 30431 Modified: lib/python/web_support.py Log: lib/python/web_support.py (ThreadingHTTPServer): Actually enable threading The order of inheritance matters. With the previous order, the threading mix-in was effectively ignored. Modified: lib/python/web_support.py === --- lib/python/web_support.py 2014-11-29 09:51:01 UTC (rev 30430) +++ lib/python/web_support.py 2014-11-29 10:36:07 UTC (rev 30431) @@ -771,8 +771,8 @@ assert isinstance(r, Result), `r` r.flatten(result.write) -class ThreadingHTTPServer(BaseHTTPServer.HTTPServer, - SocketServer.ThreadingMixIn): +class ThreadingHTTPServer(SocketServer.ThreadingMixIn, + BaseHTTPServer.HTTPServer): pass RE_BASE_URL = re.compile(r'^(https?)://([^/]+)(.*)') ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
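Review bot: With SocketServer.ThreadingMixIn now first in the base list, request handlers run concurrently for the first time, yet the class body is still pass. Two things should be settled in this commit: whether daemon_threads should be set so that in-flight handler threads do not block a service restart, and whether state shared between handlers (database handles in particular) is safe to use from several threads. A comment on the class noting that the mix-in must come first would also prevent the order from being swapped back.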
[Secure-testing-commits] r29171 - data/CVE
Author: fw Date: 2014-09-30 17:42:06 + (Tue, 30 Sep 2014) New Revision: 29171 Modified: data/CVE/list Log: CVE-2014-6277 CVE-2014-6278 bash The prefix/suffix patch is considered sufficient fix for that. Modified: data/CVE/list === --- data/CVE/list 2014-09-30 13:40:31 UTC (rev 29170) +++ data/CVE/list 2014-09-30 17:42:06 UTC (rev 29171) @@ -2003,7 +2003,9 @@ RESERVED CVE-2014-6278 [code execution via specially crafted environment variables] RESERVED - - bash unfixed + - bash 4.3-9.2 (high) + [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high) + [squeeze] - bash 4.1-3+deb6u2 (high) NOTE: The underlying parser flaw has not yet been disclosed and might NOTE: still exist in latest released bash packages. However Florian NOTE: Weimer's variables-affix.patch patch applied in Debian prevents @@ -2012,7 +2014,9 @@ NOTE: from its environment. CVE-2014-6277 [untrusted pointer use issue leading to code execution] RESERVED - - bash unfixed + - bash 4.3-9.2 + [wheezy] - bash 4.2+dfsg-0.1+deb7u3 + [squeeze] - bash 4.1-3+deb6u2 NOTE: The underlying parser flaw has not yet been disclosed and might NOTE: still exist in latest released bash packages. However Florian NOTE: Weimer's variables-affix.patch patch applied in Debian prevents ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
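Review bot: Both entries receive the same three fixed versions, but only the CVE-2014-6278 lines carry (high); the CVE-2014-6277 lines, whose description also says "leading to code execution", are left without an urgency. If the difference is deliberate it needs a NOTE, otherwise add (high) to the CVE-2014-6277 lines as well. The log message's statement that the prefix/suffix patch is considered a sufficient fix would also be useful as a NOTE in the entries themselves, since the existing NOTE text still opens by saying the underlying parser flaw might still exist.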
[Secure-testing-commits] r29000 - data/DSA
Author: fw Date: 2014-09-24 14:00:56 + (Wed, 24 Sep 2014) New Revision: 29000 Modified: data/DSA/list Log: DSA-3032-1 bash Modified: data/DSA/list === --- data/DSA/list 2014-09-24 13:14:47 UTC (rev 28999) +++ data/DSA/list 2014-09-24 14:00:56 UTC (rev 29000) @@ -1,3 +1,6 @@ +[24 Sep 2014] DSA-3032-1 bash - security update + {CVE-2014-6271} + [wheezy] - bash 4.2+dfsg-0.1+deb7u1 [23 Sep 2014] DSA-3031-1 apt - security update {CVE-2014-6273} [wheezy] - apt 0.9.7.9+deb7u5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29001 - data/DLA
Author: fw Date: 2014-09-24 14:11:41 + (Wed, 24 Sep 2014) New Revision: 29001 Modified: data/DLA/list Log: DLA-59-1 bash Modified: data/DLA/list === --- data/DLA/list 2014-09-24 14:00:56 UTC (rev 29000) +++ data/DLA/list 2014-09-24 14:11:41 UTC (rev 29001) @@ -1,3 +1,6 @@ +[24 Sep 2014] DLA-59-1 bash - security update + {CVE-2014-6271} + [squeeze] - bash 4.1-3+deb6u1 [23 Sep 2014] DLA-58-1 apt - security update {CVE-2014-6273} [squeeze] - apt 0.8.10.3+squeeze5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28833 - data/DSA
Author: fw Date: 2014-09-16 18:06:11 + (Tue, 16 Sep 2014) New Revision: 28833 Modified: data/DSA/list Log: DSA-3026-1 dbus Modified: data/DSA/list === --- data/DSA/list 2014-09-16 17:34:12 UTC (rev 28832) +++ data/DSA/list 2014-09-16 18:06:11 UTC (rev 28833) @@ -1,3 +1,6 @@ +[16 Sep 2014] DSA-3026-1 dbus - security update + {CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639} + [wheezy] - dbus 1.6.8-1+deb7u4 [16 Sep 2014] DSA-3025-1 apt - security update {CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-0490} [wheezy] - apt 0.9.7.9+deb7u3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28795 - org
Author: fw Date: 2014-09-15 17:47:23 + (Mon, 15 Sep 2014) New Revision: 28795 Modified: org/TODO Log: Git migration has no impact on debsecan Modified: org/TODO === --- org/TODO2014-09-15 17:47:00 UTC (rev 28794) +++ org/TODO2014-09-15 17:47:23 UTC (rev 28795) @@ -47,7 +47,6 @@ the commit messages trigger updates of the tracker. - http://security-team.debian.org (on dillon.d.o) is updated from svn, needs to be switched (simple) - - debsecan? - https://contributors.debian.org/source/Debian%20Security%20Tracker Organisation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28555 - in data: . DSA
Author: fw Date: 2014-09-01 18:44:26 + (Mon, 01 Sep 2014) New Revision: 28555 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3016-1 lua5.2 Modified: data/DSA/list === --- data/DSA/list 2014-09-01 18:42:58 UTC (rev 28554) +++ data/DSA/list 2014-09-01 18:44:26 UTC (rev 28555) @@ -1,3 +1,6 @@ +[01 Sep 2014] DSA-3016-1 lua5.2 - security update + {CVE-2014-5461} + [wheezy] - lua5.2 5.2.1-3+deb7u1 [01 Sep 2014] DSA-3015-1 lua5.1 - security update {CVE-2014-5461} [wheezy] - lua5.1 5.1.5-4+deb7u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2014-09-01 18:42:58 UTC (rev 28554) +++ data/dsa-needed.txt 2014-09-01 18:44:26 UTC (rev 28555) @@ -31,8 +31,6 @@ -- libxstream-java -- -lua5.2 --- mantis -- nss ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28554 - in data: . DSA
Author: fw Date: 2014-09-01 18:42:58 + (Mon, 01 Sep 2014) New Revision: 28554 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3015-1 lua5.1 Modified: data/DSA/list === --- data/DSA/list 2014-09-01 18:31:16 UTC (rev 28553) +++ data/DSA/list 2014-09-01 18:42:58 UTC (rev 28554) @@ -1,3 +1,6 @@ +[01 Sep 2014] DSA-3015-1 lua5.1 - security update + {CVE-2014-5461} + [wheezy] - lua5.1 5.1.5-4+deb7u1 [31 Aug 2014] DSA-2987-2 openjdk-7 - regression update [wheezy] - openjdk-7 7u65-2.5.1-5~deb7u1 [28 Aug 2014] DSA-3014-1 squid3 - security update Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2014-09-01 18:31:16 UTC (rev 28553) +++ data/dsa-needed.txt 2014-09-01 18:42:58 UTC (rev 28554) @@ -31,8 +31,6 @@ -- libxstream-java -- -lua5.1 --- lua5.2 -- mantis ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28526 - data/DSA
Author: fw Date: 2014-08-31 20:49:46 + (Sun, 31 Aug 2014) New Revision: 28526 Modified: data/DSA/list Log: DSA-2987-2 openjdk-7 Modified: data/DSA/list === --- data/DSA/list 2014-08-31 20:47:02 UTC (rev 28525) +++ data/DSA/list 2014-08-31 20:49:46 UTC (rev 28526) @@ -1,3 +1,5 @@ +[31 Aug 2014] DSA-2987-2 openjdk-7 - regression update + [wheezy] - openjdk-7 7u65-2.5.1-5~deb7u1 [28 Aug 2014] DSA-3014-1 squid3 - security update {CVE-2014-3609} [wheezy] - squid3 3.1.20-2.2+deb7u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28527 - data
Author: fw Date: 2014-08-31 20:50:57 + (Sun, 31 Aug 2014) New Revision: 28527 Modified: data/dsa-needed.txt Log: DSA-2987-2 openjdk-7 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2014-08-31 20:49:46 UTC (rev 28526) +++ data/dsa-needed.txt 2014-08-31 20:50:57 UTC (rev 28527) @@ -40,8 +40,6 @@ -- nss -- -openjdk-7 --- openswan (corsac) NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466 (#744717) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28528 - lib/python
Author: fw Date: 2014-08-31 20:53:00 + (Sun, 31 Aug 2014) New Revision: 28528 Modified: lib/python/security_db.py Log: lib/python/security_db.py (DB.getBugsForSourcePackage): Include TEMP- bugs Modified: lib/python/security_db.py === --- lib/python/security_db.py 2014-08-31 20:50:57 UTC (rev 28527) +++ lib/python/security_db.py 2014-08-31 20:53:00 UTC (rev 28528) @@ -1679,7 +1679,7 @@ AND sp.subrelease 'security' AND sp.subrelease 'lts' AND st.package = sp.rowid AND bugs.name = st.bug_name -AND bugs.name LIKE 'CVE-%' +AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%') GROUP BY bugs.name, bugs.description, sp.name) WHERE vulnerable = ? AND unimportant = ? ORDER BY name, (pkg, vulnerable, unimportant)) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
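Review bot: In the changed condition of DB.getBugsForSourcePackage, the result set now mixes 'CVE-%' and 'TEMP-%' names, but nothing in the hunk tells callers that the returned names are no longer all CVE IDs. Update the method's docstring to say so, and check callers that treat every returned name as a CVE ID. The parentheses around the OR are needed here and are present, so the surrounding AND conditions still apply to both patterns.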
[Secure-testing-commits] r28478 - data/DSA
Author: fw Date: 2014-08-27 05:27:51 + (Wed, 27 Aug 2014) New Revision: 28478 Modified: data/DSA/list Log: DSA-3012-1 eglibc Modified: data/DSA/list === --- data/DSA/list 2014-08-27 05:24:40 UTC (rev 28477) +++ data/DSA/list 2014-08-27 05:27:51 UTC (rev 28478) @@ -1,3 +1,6 @@ +[26 Aug 2014] DSA-3012-1 eglibc - security update + {CVE-2014-5119} + [wheezy] - eglibc 2.13-38+deb7u4 [23 Aug 2014] DSA-3011-1 mediawiki - security update {CVE-2014-5241 CVE-2014-5243} [wheezy] - mediawiki 1:1.19.18+dfsg-0+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28251 - data/CVE
Author: fw Date: 2014-08-13 06:13:35 + (Wed, 13 Aug 2014) New Revision: 28251 Modified: data/CVE/list Log: CVE-2014-5119 eglibc Modified: data/CVE/list === --- data/CVE/list 2014-08-13 05:32:15 UTC (rev 28250) +++ data/CVE/list 2014-08-13 06:13:35 UTC (rev 28251) @@ -202,8 +202,6 @@ RESERVED CVE-2014-5120 RESERVED -CVE-2014-5119 - RESERVED CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...) NOT-FOR-US: DirPHP CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...) @@ -1116,8 +1114,9 @@ - rawstudio unfixed (low; bug #754899) [wheezy] - rawstudio no-dsa (Minor issue) [squeeze] - rawstudio not-affected (Vulnerable code not present) -CVE-2014- [glibc locale issues] - TODO: check +CVE-2014-5119 [glibc locale issues] + RESERVED + - eglibc unfixed (medium) NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2 CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in ...) {DSA-2988-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
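Review bot: In the second hunk, the CVE-2014-5119 entry keeps the position of the former "CVE-2014- [glibc locale issues]" placeholder, just above CVE-2014-4909, while the first hunk removes its RESERVED stub from between CVE-2014-5120 and CVE-2014-5115. If the list is meant to stay in descending ID order, move the filled-in entry to where the stub was instead of renaming it in place.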
[Secure-testing-commits] r27684 - data/DSA
Author: fw Date: 2014-07-10 18:24:13 + (Thu, 10 Jul 2014) New Revision: 27684 Modified: data/DSA/list Log: DSA-2976-1 eglibc Modified: data/DSA/list === --- data/DSA/list 2014-07-10 17:56:48 UTC (rev 27683) +++ data/DSA/list 2014-07-10 18:24:13 UTC (rev 27684) @@ -1,3 +1,6 @@ +[10 Jul 2014] DSA-2976-1 eglibc - security update + {CVE-2014-0475} + [wheezy] - eglibc 2.13-38+deb7u3 [09 Jul 2014] DSA-2975-1 phpmyadmin - security update {CVE-2013-4995 CVE-2013-4996 CVE-2013-5002 CVE-2013-5003 CVE-2014-1879} [wheezy] - phpmyadmin 4:3.4.11.1-2+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r26721 - /
Author: fw Date: 2014-04-28 06:24:48 + (Mon, 28 Apr 2014) New Revision: 26721 Modified: Makefile Log: Makefile: sparc is no longer part of testing Modified: Makefile === --- Makefile2014-04-28 06:05:44 UTC (rev 26720) +++ Makefile2014-04-28 06:24:48 UTC (rev 26721) @@ -8,7 +8,7 @@ MIRROR = http://cdn.debian.net/debian/ squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64 wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 -jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x sparc kfreebsd-i386 kfreebsd-amd64 +jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x kfreebsd-i386 kfreebsd-amd64 sid_ARCHS = amd64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc OLDSTABLE = squeeze ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r26732 - data/DSA
Author: fw Date: 2014-04-28 17:45:25 + (Mon, 28 Apr 2014) New Revision: 26732 Modified: data/DSA/list Log: DSA-2917-1 super Modified: data/DSA/list === --- data/DSA/list 2014-04-28 17:02:56 UTC (rev 26731) +++ data/DSA/list 2014-04-28 17:45:25 UTC (rev 26732) @@ -1,3 +1,7 @@ +[28 Apr 2014] DSA-2917-1 super - security update + {CVE-2014-0470} + [squeeze] - super 3.30.0-3+squeeze2 + [wheezy] - super 3.30.0-6+deb7u1 [28 Apr 2014] DSA-2916-1 libmms - security update {CVE-2014-2892} [squeeze] - libmms 0.6-1+squeeze2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r26270 - data/DSA
Author: fw Date: 2014-03-26 19:52:17 + (Wed, 26 Mar 2014) New Revision: 26270 Modified: data/DSA/list Log: DSA-2886-1 libxalan2-java Modified: data/DSA/list === --- data/DSA/list 2014-03-26 19:17:37 UTC (rev 26269) +++ data/DSA/list 2014-03-26 19:52:17 UTC (rev 26270) @@ -1,3 +1,7 @@ +[26 Mar 2014] DSA-2886-1 libxalan2-java - security update + {CVE-2014-0107} + [squeeze] - libxalan2-java 2.7.1-5+deb6u1 + [wheezy] - libxalan2-java 2.7.1-7+deb7u1 [26 Mar 2014] DSA-2885-1 libyaml-libyaml-perl - security update {CVE-2014-2525} [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r26143 - lib/python
Author: fw Date: 2014-03-17 10:57:24 + (Mon, 17 Mar 2014) New Revision: 26143 Modified: lib/python/web_support.py Log: web_support: Pass down https:// URLs to sever redirects This is required because security-tracker.debian.org sets STS and redirects to HTTPS, and recent Firefox versions do not handle http:// redirects in this context. Modified: lib/python/web_support.py === --- lib/python/web_support.py 2014-03-17 08:31:45 UTC (rev 26142) +++ lib/python/web_support.py 2014-03-17 10:57:24 UTC (rev 26143) @@ -148,7 +148,7 @@ generate URLs which reference to itself (see scriptRelative). def __init__(self, server_name, script_name, path_info='', - params={}): + params={}, secure=False): self.server_name = server_name or 'localhost' script_name = self._stripSlashes(script_name or '') if script_name[-1:] == '/' or script_name == '': @@ -157,6 +157,7 @@ self.script_name = script_name + '/' self.path_info = self._stripSlashes(path_info) self.params = params +self.secure = secure def _convertArgs(self, args): arglist = [] @@ -198,11 +199,15 @@ def scriptRelativeFull(self, path, **args): Like scriptRelative, but returns an absolute URL, including the http:// prefix. +if self.secure: +schema = https +else: +schema = http +return URL(%s://%s/%s%s%s % (schema, + self.server_name, self.script_name, + self._stripSlashes(path), + self._convertArgs(args))) -return URL(http://%s/%s%s%s; % (self.server_name, self.script_name, - self._stripSlashes(path), - self._convertArgs(args))) - def updateParamsDict(self, args): new_args = {} for (key, value) in self.params.items(): @@ -745,7 +750,7 @@ SocketServer.ThreadingMixIn): pass -RE_BASE_URL = re.compile(r'^http://([^/]+)(.*)') +RE_BASE_URL = re.compile(r'^(https?)://([^/]+)(.*)') class WebServiceHTTP(WebServiceBase): def __init__(self, socket_name): @@ -764,7 +769,8 @@ url = URLFactory(service_self.server_name, service_self.script_name, - path, params) + path, params, + secure=service_self.secure) service_self.lock.acquire() try: 
@@ -811,8 +817,9 @@ m = RE_BASE_URL.match(url) if m is None: raise ValueError(invalid base URL: + url) -self.server_name = m.group(1) -self.script_name = m.group(2) +self.secure = m.group(1) == https +self.server_name = m.group(2) +self.script_name = m.group(3) def __test(): @@ -829,6 +836,14 @@ assert str(u.scriptRelativeFull(/a/b, t='123')) \ == http://localhost/a/b?t=123; +u = URLFactory(server_name=None, script_name=None, secure=True) +assert str(u.absolute(http://www.enyo.de/;)) == http://www.enyo.de/; +assert str(u.absolute(http://www.enyo.de/;, t='123')) \ + == http://www.enyo.de/?t=123; +assert str(u.scriptRelative(/a/b, t='123')) == /a/b?t=123 +assert str(u.scriptRelativeFull(/a/b, t='123')) \ + == https://localhost/a/b?t=123; + u = URLFactory(server_name='localhost.localdomain', script_name='/cgi-bin/test.cgi') assert str(u.scriptRelative(a/b, t='123')) \ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
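Review bot: In the URLFactory.__init__ hunk, the signature being touched still carries the mutable default params={} and stores it directly in self.params, so every instance created without params shares one dict. While the line is being changed anyway, use params=None and create a fresh dict in the body.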
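Review bot: In the scriptRelativeFull hunk, the docstring still says the result includes "the http:// prefix", which is no longer true when secure is set. Reword it to say the scheme follows the factory's secure flag. The local variable would also read better as scheme, the usual name for that URL component, rather than schema.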
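Review bot: RE_BASE_URL matches https? case-sensitively and the base-URL parsing hunk compares m.group(1) to the lower-case string https, so a base URL written with an upper-case scheme raises ValueError. URL schemes are case-insensitive. If that input should be accepted, compile the pattern with re.IGNORECASE and compare m.group(1).lower(); doing only the first would silently leave secure false and bring back http:// redirects on an HTTPS site.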
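Review bot: The assertions added to __test() only cover URLFactory(secure=True); the base-URL parsing that sets self.secure, self.server_name and self.script_name from groups 1 to 3 has no test. Add a case that parses an https:// base URL and one that parses an http:// base URL and checks all three attributes, since the group renumbering is the part of this change most likely to regress.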
[Secure-testing-commits] r26149 - /
Author: fw Date: 2014-03-17 19:33:27 + (Mon, 17 Mar 2014) New Revision: 26149 Modified: Makefile Log: ia64 is gone from sid Modified: Makefile === --- Makefile2014-03-17 18:09:19 UTC (rev 26148) +++ Makefile2014-03-17 19:33:27 UTC (rev 26149) @@ -9,7 +9,7 @@ squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64 wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x sparc kfreebsd-i386 kfreebsd-amd64 -sid_ARCHS = amd64 armel armhf hurd-i386 i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc +sid_ARCHS = amd64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc OLDSTABLE = squeeze STABLE= wheezy ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25624 - org
Author: fw Date: 2014-02-09 10:33:38 + (Sun, 09 Feb 2014) New Revision: 25624 Modified: org/TODO Log: private Subversion repository on chopin Modified: org/TODO === --- org/TODO2014-02-09 09:35:12 UTC (rev 25623) +++ org/TODO2014-02-09 10:33:38 UTC (rev 25624) @@ -10,6 +10,8 @@ - set up a private SVN repo for embargo issues - remove all reference to Security Audit https://www.debian.org/security/audit/ - svnsync setup on soler to back up alioth in near-realtime (fw) + - sec-private Subversion repository on chopin (fw) + - notify DSA and verify it is part of the backup Security Tracker - ask Jon Wiltshire if new status to differentiate between no-dsa, if the maintainer wants to fix in a point update go ahead and no-dsa, was ignored because it's possible to backport is still needed. (fw) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25609 - org
Author: fw Date: 2014-02-08 15:46:36 + (Sat, 08 Feb 2014) New Revision: 25609 Modified: org/TODO Log: Web pages TODOs Modified: org/TODO === --- org/TODO2014-02-08 15:43:32 UTC (rev 25608) +++ org/TODO2014-02-08 15:46:36 UTC (rev 25609) @@ -11,4 +11,8 @@ - remove all reference to Security Audit https://www.debian.org/security/audit/ Security Tracker - - fw: ask Jon Wiltshire if new status to differentiate between no-dsa, if the maintainer wants to fix in a point update go ahead and no-dsa, was ignored because it's possible to backport is still needed. + - ask Jon Wiltshire if new status to differentiate between no-dsa, if the maintainer wants to fix in a point update go ahead and no-dsa, was ignored because it's possible to backport is still needed. (fw) + +Web pages + - rename Mitre CVE database to CVE IDs (fw) + - replace CVE cross-reference with links to approrate security tracker information ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
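Review bot: The last added line under "Web pages" has a typo, "approrate" for "appropriate". The reworded Security Tracker item is also hard to parse as one sentence; splitting the two no-dsa cases it distinguishes into separate clauses would make the open question clearer.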
[Secure-testing-commits] r25611 - org
Author: fw Date: 2014-02-08 15:54:03 + (Sat, 08 Feb 2014) New Revision: 25611 Modified: org/TODO Log: More webwml TODOs Modified: org/TODO === --- org/TODO2014-02-08 15:49:57 UTC (rev 25610) +++ org/TODO2014-02-08 15:54:03 UTC (rev 25611) @@ -16,3 +16,5 @@ Web pages - rename Mitre CVE database to CVE IDs (fw) - replace CVE cross-reference with links to approrate security tracker information + - adjust parse-advisory.pl script to DSA template changes + - adjust webwml templates to cope with missing data ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25613 - bin
Author: fw Date: 2014-02-08 16:15:53 + (Sat, 08 Feb 2014) New Revision: 25613 Removed: bin/gen-DSA.py Log: Remove outdated and confusing gen-DSA script Deleted: bin/gen-DSA.py === --- bin/gen-DSA.py 2014-02-08 15:56:43 UTC (rev 25612) +++ bin/gen-DSA.py 2014-02-08 16:15:53 UTC (rev 25613) 
@@ -1,280 +0,0 @@ -#!/usr/bin/python -# gen-DSA -- create a DSA template -# Copyright (C) 2011 Florian Weimer f...@deneb.enyo.de -# -# User interface based on a shell version written by -# Raphael Geissert geiss...@debian.org. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -# This script is intended to be run on security-master to get an -# unprocessed dump of the contents of the embargoed and unembargoed -# queues. -# -# The script reads .deb and .changes files. A caching database is -# written to ~/.cache. 
- - -import sys -import os.path -def setup_path(): -dirname = os.path.dirname -base = dirname(dirname(os.path.realpath(sys.argv[0]))) -sys.path.insert(0, os.path.join(base, lib, python)) -setup_path() - -from pwd import getpwuid -import re -import time - -import bugs -import debian_support -import secmaster - -def parsecommand(): -args = sys.argv[1:] -if not args: -usage() - -global opt_save -if args[0] == --save: -opt_save = True -del args[0] -else: -opt_save = False -if len(args) 3: -usage() - -global opt_dsaid -opt_dsaid = args[0] -if opt_dsaid.upper().startswith(DSA-): -opt_dsaid = opt_dsaid[4:] -if - not in opt_dsaid: -opt_dsaid += -1 - -global opt_package -opt_package = args[1] -if not opt_package: -usage(package argument is empty) - -global opt_vulnerability -opt_vulnerability = args[2] -if not opt_vulnerability: -usage(vulnerability argument is empty) - -global opt_cve -if len(args) = 4: -re_cve = re.compile((?i)CVE-\d{4}-\d{4,}) -opt_cve = set() -for cve in args[3].split(): -if not cve: -continue -cve = cve.upper() -if not re_cve.match(cve): -usage(malformed CVE name: + repr(cve)) -if cve in opt_cve: -usage(duplicate CVE: + repr(cve)) -opt_cve.add(cve) -opt_cve = tuple(sorted(opt_cve)) -else: -opt_cve = () - -global opt_bugs -if len(args) = 5: -opt_bugs = set() -for bug in args[3].split(): -if not bug: -continue -try: -bug = int(bug) -if bug = 0: -raise ValueError -except: -usage(malformed bug number: + repr(bug)) -if bug in opt_bugs: -usage(duplicate bug number: + repr(bug)) -opt_bugs.add(cve) -opt_bugs = tuple(sorted(opt_bugs)) -else: -opt_bugs = () -if len(args) = 5: -usage() - -def usage(msg=None): -if msg is not None: -print sys.stderr, error:, msg -print sys.stderr, usage:, sys.argv[0], \ -[--save] DSA package vulnerability [CVE [bug number]] -print sys.stderr -print sys.stderr, \ -Multiple CVE and bug numbers can be separated by spaces -sys.exit(1) - -def gecos(): -gecos = os.getenv(DEBFULLNAME) -if gecos is not None: -return gecos -gecos = 
getpwuid(os.getuid()).pw_gecos -return gecos.split(,)[0] - -def debemail(): -for env in (DEBEMAIL, USER): -email = os.getenv(env) -if email is not None: -return email -return unknown - -def filledtemplate(values, re_var=re.compile(r\$\$?([A-Z_]+))): -template = file(debian_support.findresource(doc, DSA.template)).read() -def repl(match): -return values[match.group(1)] -return re_var.sub(repl, template) - -tm = time.gmtime(time.time()) -def getdate(months= January February March April May June July August September October November December.split( )): -return {0} {1:02}, {2}.format(months[tm.tm_mon], tm.tm_mday, tm.tm_year) - -dsa_list_path = debian_support.findresource(*data DSA list.split()) -def checklist(): -name = DSA- + opt_dsaid -for bug in bugs.DSAFile
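Review bot: The removed filledtemplate() read doc/DSA.template through debian_support.findresource, and the log does not say what replaces the script or whether that template is still used. If nothing else reads the template, remove it in the same commit; otherwise name the replacement workflow in the log so the removal can be traced later.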
[Secure-testing-commits] r25618 - org
Author: fw Date: 2014-02-08 17:53:24 + (Sat, 08 Feb 2014) New Revision: 25618 Modified: org/TODO Log: TODO: svnsync mirror Modified: org/TODO === --- org/TODO2014-02-08 17:40:41 UTC (rev 25617) +++ org/TODO2014-02-08 17:53:24 UTC (rev 25618) @@ -9,6 +9,7 @@ Infrastructure - set up a private SVN repo for embargo issues - remove all reference to Security Audit https://www.debian.org/security/audit/ + - svnsync setup on soler to back up alioth in near-realtime (fw) Security Tracker - ask Jon Wiltshire if new status to differentiate between no-dsa, if the maintainer wants to fix in a point update go ahead and no-dsa, was ignored because it's possible to backport is still needed. (fw) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25568 - org
Author: fw Date: 2014-02-07 17:07:53 + (Fri, 07 Feb 2014) New Revision: 25568 Modified: org/agenda-2014.txt Log: debsecan item Modified: org/agenda-2014.txt === --- org/agenda-2014.txt 2014-02-07 16:36:06 UTC (rev 25567) +++ org/agenda-2014.txt 2014-02-07 17:07:53 UTC (rev 25568) @@ -71,6 +71,9 @@ + Automatically group/reorder unassigned CVE-$year- item to have them in one place and get a better overview? +- debsecan should move to a shared development platform + (collab-maint on alioth?) + Infrastructure == ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25570 - org
Author: fw Date: 2014-02-07 17:23:27 + (Fri, 07 Feb 2014) New Revision: 25570 Modified: org/security-frontdesk.2014.txt Log: Frontdesk rotation: add myself Modified: org/security-frontdesk.2014.txt === --- org/security-frontdesk.2014.txt 2014-02-07 17:19:22 UTC (rev 25569) +++ org/security-frontdesk.2014.txt 2014-02-07 17:23:27 UTC (rev 25570) @@ -12,7 +12,7 @@ Week 12: 24-03 to 30-03:thijs Week 13: 31-03 to 06-04:nion Week 14: 07-04 to 13-04:carnil -Week 15: 14-04 to 20-04: +Week 15: 14-04 to 20-04:fw Week 16: 21-04 to 27-04:geissert Week 17: 28-04 to 04-05:corsac Week 18: 05-05 to 11-05: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25578 - data/DSA
Author: fw Date: 2014-02-07 20:26:14 + (Fri, 07 Feb 2014) New Revision: 25578 Modified: data/DSA/list Log: DSA-2856-1 libcommons-fileupload-java Modified: data/DSA/list === --- data/DSA/list 2014-02-07 20:14:08 UTC (rev 25577) +++ data/DSA/list 2014-02-07 20:26:14 UTC (rev 25578) @@ -1,3 +1,6 @@ +[07 Feb 2014] DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050 + [squeeze] - libcommons-fileupload-java 1.2.2-1+deb6u2 + [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u2 [05 Feb 2014] DSA-2855-1 libav - several {CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015} [wheezy] - libav 6:0.8.10-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
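Review bot: The new DSA-2856-1 entry puts CVE-2014-0050 in the description field and has no {CVE-2014-0050} cross-reference line, unlike the DSA-2855-1 entry directly below it. Move the ID into a braces line and put a short vulnerability description after the package name, so the advisory is cross-referenced to the CVE in the same form as the neighbouring entries.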
[Secure-testing-commits] r25556 - data/DSA
Author: fw Date: 2014-02-06 22:04:50 + (Thu, 06 Feb 2014) New Revision: 25556 Modified: data/DSA/list Log: DSA-2852-1 libgadu (squeeze) Modified: data/DSA/list === --- data/DSA/list 2014-02-06 21:14:14 UTC (rev 2) +++ data/DSA/list 2014-02-06 22:04:50 UTC (rev 25556) @@ -10,6 +10,7 @@ [03 Feb 2014] DSA-2852-1 libgadu - heap-based buffer overflow {CVE-2013-6487} [wheezy] - libgadu 1:1.11.2-1+deb7u1 + [squeeze] - libgadu 1:1.9.0-2+squeeze2 [02 Feb 2014] DSA-2851-1 drupal6 - impersonation {CVE-2014-1475} [squeeze] - drupal6 6.30-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25500 - data/DSA
Author: fw Date: 2014-02-03 21:18:28 + (Mon, 03 Feb 2014) New Revision: 25500 Modified: data/DSA/list Log: DSA-2852-1 libgadu Modified: data/DSA/list === --- data/DSA/list 2014-02-03 15:41:24 UTC (rev 25499) +++ data/DSA/list 2014-02-03 21:18:28 UTC (rev 25500) @@ -1,3 +1,6 @@ +[03 Feb 2014] DSA-2852-1 libgadu - heap-based buffer overflow + {CVE-2013-6487} + [wheezy] - libgadu 1:1.11.2-1+deb7u1 [02 Feb 2014] DSA-2851-1 drupal6 - impersonation {CVE-2014-1475} [squeeze] - drupal6 6.30-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25465 - data/CVE
Author: fw Date: 2014-02-02 10:43:51 + (Sun, 02 Feb 2014) New Revision: 25465 Modified: data/CVE/list Log: CVE-2014-1474: only record libemail-address-list-perl request-tracker4 does not bundle its dependencies, so bugs in the latter cannot be fixed in the former anyway. Modified: data/CVE/list === --- data/CVE/list 2014-02-02 09:09:28 UTC (rev 25464) +++ data/CVE/list 2014-02-02 10:43:51 UTC (rev 25465) @@ -796,7 +796,6 @@ RESERVED CVE-2014-1474 RESERVED - - request-tracker4 not-affected (Only 4.0.x does not have the dependency on Email::Address::List, only 4.2.0 onwards)) - libemail-address-list-perl 0.03-1 NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
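Review bot: Dropping the request-tracker4 line removes the only in-file record of why that package is not tracked under CVE-2014-1474; the reasoning now lives only in the commit log. A NOTE: line under the entry, saying that request-tracker4 does not bundle its dependencies and the issue is tracked in libemail-address-list-perl, would keep the rationale next to the data.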
[Secure-testing-commits] r25480 - /
Author: fw Date: 2014-02-02 18:16:38 + (Sun, 02 Feb 2014) New Revision: 25480 Modified: Makefile Log: Makefile: Remove ia64 from jessie Modified: Makefile === --- Makefile2014-02-02 17:54:51 UTC (rev 25479) +++ Makefile2014-02-02 18:16:38 UTC (rev 25480) @@ -8,7 +8,7 @@ MIRROR = http://cdn.debian.net/debian/ squeeze_ARCHS = amd64 armel i386 ia64 mips mipsel powerpc s390 sparc kfreebsd-i386 kfreebsd-amd64 wheezy_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390 s390x sparc kfreebsd-i386 kfreebsd-amd64 -jessie_ARCHS = amd64 armel armhf i386 ia64 mips mipsel powerpc s390x sparc kfreebsd-i386 kfreebsd-amd64 +jessie_ARCHS = amd64 armel armhf i386 mips mipsel powerpc s390x sparc kfreebsd-i386 kfreebsd-amd64 sid_ARCHS = amd64 armel armhf hurd-i386 i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390x sparc OLDSTABLE = squeeze ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25437 - data/DSA
Author: fw Date: 2014-01-31 07:20:38 + (Fri, 31 Jan 2014) New Revision: 25437 Modified: data/DSA/list Log: DSA-2849-1 curl Modified: data/DSA/list === --- data/DSA/list 2014-01-31 06:30:22 UTC (rev 25436) +++ data/DSA/list 2014-01-31 07:20:38 UTC (rev 25437) @@ -1,3 +1,7 @@ +[31 Jan 2014] DSA-2849-1 curl - information disclosure + {CVE-2014-0015} + [squeeze] - curl 7.21.0-2.1+squeeze7 + [wheezy] - curl 7.26.0-1+wheezy8 [23 Jan 2014] DSA-2848-1 mysql-5.5 - several {CVE-2013-5891 CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0437} [wheezy] - mysql-5.5 5.5.35+dfsg-0+wheezy1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r25130 - data/CVE
Author: fw Date: 2014-01-09 20:27:41 + (Thu, 09 Jan 2014) New Revision: 25130 Modified: data/CVE/list Log: CVE-2013-7284 libplrpc-perl Modified: data/CVE/list === --- data/CVE/list 2014-01-09 18:39:42 UTC (rev 25129) +++ data/CVE/list 2014-01-09 20:27:41 UTC (rev 25130) @@ -380,6 +380,9 @@ RESERVED CVE-2014-0790 RESERVED +CVE-2013-7284 [libplrpc-perl remote code execution due to Storable] + - libplrpc-perl unfixed (high; bug #734789) + NOTE: Upstream appears dead. CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list] - gdm3 unfixed (low; bug #683338) [wheezy] - gdm3 no-dsa (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r24985 - data/CVE
Author: fw Date: 2013-12-30 21:55:47 + (Mon, 30 Dec 2013) New Revision: 24985 Modified: data/CVE/list Log: CVE-2013-4492 libi18n-ruby squeeze not-affected Modified: data/CVE/list === --- data/CVE/list 2013-12-30 21:52:20 UTC (rev 24984) +++ data/CVE/list 2013-12-30 21:55:47 UTC (rev 24985) @@ -7905,6 +7905,7 @@ CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...) - ruby-i18n 0.6.9-1 - libi18n-ruby removed + [squeeze] - libi18n-ruby not-affected (vulnerable code not present) CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...) - rails-4.0 4.0.2+dfsg-1 (bug #731290) - ruby-actionpack-3.2 3.2.16-1 (bug #731288) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r24986 - data/DSA
Author: fw Date: 2013-12-30 21:56:39 + (Mon, 30 Dec 2013) New Revision: 24986 Modified: data/DSA/list Log: DSA-2830-1 ruby-i18n Modified: data/DSA/list === --- data/DSA/list 2013-12-30 21:55:47 UTC (rev 24985) +++ data/DSA/list 2013-12-30 21:56:39 UTC (rev 24986) @@ -1,3 +1,6 @@ +[30 Dec 2013] DSA-2830-1 ruby-i18n - cross-site scripting + {CVE-2013-4492} + [wheezy] - ruby-i18n 0.6.0-3+deb7u1 [28 Dec 2013] DSA-2829-1 hplip - several {CVE-2013-0200 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427} [squeeze] - hplip 3.10.6-2+squeeze2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r24283 - data/DSA
Author: fw Date: 2013-11-04 06:10:47 + (Mon, 04 Nov 2013) New Revision: 24283 Modified: data/DSA/list Log: DSA-2791-1 tryton-client Modified: data/DSA/list === --- data/DSA/list 2013-11-04 05:11:34 UTC (rev 24282) +++ data/DSA/list 2013-11-04 06:10:47 UTC (rev 24283) @@ -1,3 +1,6 @@ +[04 Nov 2013] DSA-2791-1 tryton-client - missing input sanitization + [squeeze] - tryton-client 1.6.1-1+deb6u1 + [wheezy] - tryton-client 2.2.3-1+deb7u1 [02 Nov 2013] DSA-2790-1 nss - uninitialized memory read {CVE-2013-1739} [wheezy] - nss 2:3.14.4-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23533 - data/CVE
Author: fw Date: 2013-09-03 19:50:25 + (Tue, 03 Sep 2013) New Revision: 23533 Modified: data/CVE/list Log: CVE-2013-4298 imagemagick CVEified Modified: data/CVE/list === --- data/CVE/list 2013-09-03 18:48:27 UTC (rev 23532) +++ data/CVE/list 2013-09-03 19:50:25 UTC (rev 23533) @@ -1,4 +1,5 @@ -CVE-2013- [Memory corruption while processing GIF comments] +CVE-2013-4298 [Memory corruption while processing GIF comments] + RESERVED - imagemagick 8:6.7.7.10-6 (bug #721273) [squeeze] - imagemagick not-affected (Code not vulnerable) CVE-2013-5673 [SQL injection] @@ -2939,8 +2940,6 @@ RESERVED CVE-2013-4299 RESERVED -CVE-2013-4298 - RESERVED CVE-2013-4297 RESERVED CVE-2013-4296 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23534 - data/DSA
Author: fw Date: 2013-09-03 19:55:43 + (Tue, 03 Sep 2013) New Revision: 23534 Modified: data/DSA/list Log: DSA-2750-1 imagemagick Modified: data/DSA/list === --- data/DSA/list 2013-09-03 19:50:25 UTC (rev 23533) +++ data/DSA/list 2013-09-03 19:55:43 UTC (rev 23534) @@ -1,3 +1,6 @@ +[03 Sep 2013] DSA-2750-1 imagemagick - buffer overflow + {CVE-2013-4298} + [wheezy] - imagemagick 8:6.7.7.10-5+deb7u2 [02 Sep 2013] DSA-2749-1 asterisk - several {CVE-2013-5641 CVE-2013-5642} [squeeze] - asterisk 1:1.6.2.9-2+squeeze11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23542 - data
Author: fw Date: 2013-09-04 05:50:39 + (Wed, 04 Sep 2013) New Revision: 23542 Modified: data/dsa-needed.txt Log: imagemagick TCO Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-09-04 05:39:16 UTC (rev 23541) +++ data/dsa-needed.txt 2013-09-04 05:50:39 UTC (rev 23542) @@ -25,8 +25,6 @@ -- iceape (jmm) -- -imagemagick --- jquery/oldstable Maintainer prepared an update -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23513 - data
Author: fw Date: 2013-09-02 05:58:59 + (Mon, 02 Sep 2013) New Revision: 23513 Modified: data/dsa-needed.txt Log: imagemagick DSA in preparation Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-09-01 23:09:51 UTC (rev 23512) +++ data/dsa-needed.txt 2013-09-02 05:58:59 UTC (rev 23513) @@ -27,6 +27,8 @@ -- iceape (jmm) -- +imagemagick +-- jquery/oldstable Maintainer prepared an update -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits