Author: carnil
Date: 2016-03-02 06:01:13 + (Wed, 02 Mar 2016)
New Revision: 40123
Modified:
data/CVE/list
Log:
dovecot bug #803223 addressed in unstable
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-02 05:59:49
Author: carnil
Date: 2016-03-02 05:59:49 + (Wed, 02 Mar 2016)
New Revision: 40122
Modified:
data/dsa-needed.txt
Log:
Add note for squid3
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-02 05:59:10 UTC (rev
Author: carnil
Date: 2016-03-02 05:59:10 + (Wed, 02 Mar 2016)
New Revision: 40121
Modified:
data/CVE/list
Log:
squid3 issues fixed in unstable, #816011
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 22:00:51
Author: carnil
Date: 2016-03-01 22:00:51 + (Tue, 01 Mar 2016)
New Revision: 40120
Modified:
data/dsa-needed.txt
Log:
python-django added to dsa-needed list
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01
Author: carnil
Date: 2016-03-01 21:14:04 + (Tue, 01 Mar 2016)
New Revision: 40119
Modified:
data/CVE/list
Log:
Mark CVE-2016-1353 as NFU
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 21:10:34 UTC (rev 40118)
://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
CVE-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in
https://git.openssl.org
Author: carnil
Date: 2016-03-01 20:28:10 + (Tue, 01 Mar 2016)
New Revision: 40117
Modified:
data/CVE/list
Log:
Add issue for libryo-java
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 20:14:54 UTC (rev 40116)
Author: carnil
Date: 2016-03-01 20:14:54 + (Tue, 01 Mar 2016)
New Revision: 40116
Modified:
data/CVE/list
Log:
Add two CVEs for python-django
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 19:34:44 UTC (rev
Author: carnil
Date: 2016-03-01 19:34:44 + (Tue, 01 Mar 2016)
New Revision: 40115
Modified:
data/CVE/list
Log:
Add fixed version for unstable and add back tags from upstream repo
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2016-03-01 19:31:12 + (Tue, 01 Mar 2016)
New Revision: 40114
Modified:
data/CVE/list
Log:
Two CVEs assigned for qemu
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 19:14:23 UTC (rev 40113)
Author: carnil
Date: 2016-03-01 19:14:23 + (Tue, 01 Mar 2016)
New Revision: 40113
Modified:
data/CVE/list
Log:
perl fixed in unstable, CVE-2016-2381
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 18:30:40 UTC
)
+++ data/CVE/list 2016-03-01 18:30:40 UTC (rev 40112)
@@ -6205,6 +6205,7 @@
- openssl 1.0.0c-2
- nss 3.13
NOTE: openssl 1.0.0c-2 dropped SSLv2 support
+ NOTE: NSS disabled SSLv2 by default in 3.13
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE:
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE
dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
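Review bot: on the added line `NOTE: NSS disabled SSLv2 by default in 3.13` in the `@@ -6205,6 +6205,7 @@` hunk, "disabled by default" is a weaker statement than the neighbouring openssl note, which says SSLv2 support was "dropped", yet both packages are recorded the same way with a fixed version (`- nss 3.13`). Consider extending the note to say whether SSLv2 can still be enabled in nss 3.13 and later, so the fixed version is not read as removal of the protocol.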
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: carnil
Date: 2016-03-01 17:55:43 + (Tue, 01 Mar 2016)
New Revision: 40109
Modified:
data/CVE/list
Log:
Revert change for unfixed status for CVE-2016-2560 and CVE-2016-2561
Note: this is implicitly given. Thus just mark the previous versions
which are not-affected due to vulnerable
Author: fgeek-guest
Date: 2016-03-01 17:00:49 + (Tue, 01 Mar 2016)
New Revision: 40108
Modified:
data/CVE/list
Log:
phpmyadmin jessie affected by CVE-2016-2560 and CVE-2016-2561
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2016-03-01 16:17:03 + (Tue, 01 Mar 2016)
New Revision: 40107
Modified:
data/CVE/list
Log:
Mark qemu issue as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 16:00:49 UTC (rev 40106)
Author: thijs
Date: 2016-03-01 16:00:49 + (Tue, 01 Mar 2016)
New Revision: 40106
Modified:
data/CVE/list
Log:
triage phpmyadmin issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 15:42:38 UTC (rev 40105)
Author: carnil
Date: 2016-03-01 15:42:38 + (Tue, 01 Mar 2016)
New Revision: 40105
Modified:
data/CVE/list
Log:
Add new qemu issue, CVE assignment pending
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 15:40:34
Author: thijs
Date: 2016-03-01 15:40:34 + (Tue, 01 Mar 2016)
New Revision: 40104
Modified:
data/CVE/list
Log:
4 phpMyAdmin CVEs fixed in sid
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 15:37:22 UTC (rev
Author: carnil
Date: 2016-03-01 15:37:22 + (Tue, 01 Mar 2016)
New Revision: 40103
Modified:
data/CVE/list
Log:
Remove todo item for rejected item
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 15:03:06 UTC
Author: carnil
Date: 2016-03-01 15:03:06 + (Tue, 01 Mar 2016)
New Revision: 40102
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
Reserve DSA number for perl
Modified: data/DSA/list
===
--- data/DSA/list 2016-03-01
Author: pabs
Date: 2016-03-01 14:30:06 + (Tue, 01 Mar 2016)
New Revision: 40100
Modified:
bin/add-dsa-needed.sh
bin/embedded-cleanup
bin/gen-DSA
bin/inject-embedded-code-copies
bin/reserved-but-public
bin/split-by-year
check-external/lookup.sh
check-external/update.sh
Author: pabs
Date: 2016-03-01 14:30:15 + (Tue, 01 Mar 2016)
New Revision: 40101
Modified:
templates/lts-no-dsa.txt
templates/lts-update-planned.txt
Log:
https for links to the LTS development page
Modified: templates/lts-no-dsa.txt
Author: pabs
Date: 2016-03-01 14:25:57 + (Tue, 01 Mar 2016)
New Revision: 40099
Modified:
TODO.gitmigration
Log:
git migration: cgit webinterface works now
Modified: TODO.gitmigration
===
--- TODO.gitmigration 2016-03-01
Author: ghedo
Date: 2016-03-01 14:20:52 + (Tue, 01 Mar 2016)
New Revision: 40098
Modified:
data/DSA/list
Log:
Fix openssl version in jessie
Modified: data/DSA/list
===
--- data/DSA/list 2016-03-01 14:13:51 UTC (rev
Author: ghedo
Date: 2016-03-01 14:13:43 + (Tue, 01 Mar 2016)
New Revision: 40096
Modified:
data/DSA/list
Log:
Reserve DSA for openssl
Modified: data/DSA/list
===
--- data/DSA/list 2016-03-01 14:07:06 UTC (rev 40095)
+++
-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
- openssl
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE:
https
UTC (rev 40094)
+++ data/CVE/list 2016-03-01 14:07:06 UTC (rev 40095)
@@ -6181,6 +6181,7 @@
CVE-2016-0800
RESERVED
- openssl 1.0.0c-2
+ NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https
40093)
+++ data/CVE/list 2016-03-01 14:06:23 UTC (rev 40094)
@@ -6184,6 +6184,7 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
+ NOTE:
http://blog.cryptographyengineering.com/2016/03
)
+++ data/CVE/list 2016-03-01 14:03:58 UTC (rev 40093)
@@ -6181,19 +6181,24 @@
CVE-2016-0800
RESERVED
- openssl 1.0.0c-2
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
+ NOTE: GNUTLS never implemented SSLv2
CVE
Author: jmm
Date: 2016-03-01 13:38:49 + (Tue, 01 Mar 2016)
New Revision: 40092
Modified:
data/CVE/list
Log:
sslv2 disabled since wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 13:36:40 UTC (rev 40091)
Author: seb
Date: 2016-03-01 13:36:40 + (Tue, 01 Mar 2016)
New Revision: 40091
Modified:
data/dsa-needed.txt
Log:
Add a note about gosa status
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 13:31:29 UTC
Author: seb
Date: 2016-03-01 13:31:29 + (Tue, 01 Mar 2016)
New Revision: 40090
Modified:
data/dsa-needed.txt
Log:
Take bsh (CVE-2016-2510) from dsa-needed
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01
Author: pabs
Date: 2016-03-01 13:28:55 + (Tue, 01 Mar 2016)
New Revision: 40089
Modified:
data/CVE/list
Log:
DROWN web page mentions CVE-2016-0703 applies to openssl
Modified: data/CVE/list
===
--- data/CVE/list
Author: pabs
Date: 2016-03-01 13:24:05 + (Tue, 01 Mar 2016)
New Revision: 40088
Modified:
data/CVE/list
Log:
CVE-2016-0800: DROWN attack
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 12:51:17 UTC (rev 40087)
Author: apo-guest
Date: 2016-03-01 12:51:17 + (Tue, 01 Mar 2016)
New Revision: 40087
Modified:
data/dsa-needed.txt
Log:
Claim Tomcat 6 in dsa-needed.txt
I sent my last e-mail to t...@security.debian.org on 2016-02-27. Waiting for a
response now.
Modified: data/dsa-needed.txt
Author: carnil
Date: 2016-03-01 12:37:25 + (Tue, 01 Mar 2016)
New Revision: 40086
Modified:
data/dsa-needed.txt
Log:
Add perl to dsa-needed list
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 12:37:17
Author: carnil
Date: 2016-03-01 12:37:17 + (Tue, 01 Mar 2016)
New Revision: 40085
Modified:
data/CVE/list
Log:
Add CVE-2016-2381/perl
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 09:15:15 UTC (rev 40084)
+++
Author: sunweaver
Date: 2016-03-01 09:12:50 + (Tue, 01 Mar 2016)
New Revision: 40083
Modified:
data/dsa-needed.txt
Log:
add gosa/oldstable, take it, add note about submitted .debdiff
Modified: data/dsa-needed.txt
===
---
Author: sunweaver
Date: 2016-03-01 09:15:15 + (Tue, 01 Mar 2016)
New Revision: 40084
Modified:
data/dsa-needed.txt
Log:
smarty3 -> smarty3/oldstable: version bump to 3.1.21 recommended to get
CVE-2014-8350 resolved in wheezy
Modified: data/dsa-needed.txt
Author: sunweaver
Date: 2016-03-01 09:11:25 + (Tue, 01 Mar 2016)
New Revision: 40082
Modified:
data/dsa-needed.txt
Log:
pick pdns/oldstable for investigation
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt
Author: sectracker
Date: 2016-03-01 09:10:18 + (Tue, 01 Mar 2016)
New Revision: 40081
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-01 07:19:20 UTC (rev 40080)
+++