[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-3741/ruy-rails-html-sanitizer

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cba9cf6 by Salvatore Bonaccorso at 2018-03-25T09:32:31+02:00
Add bug reference for CVE-2018-3741/ruy-rails-html-sanitizer

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13822,7 +13822,7 @@ CVE-2018-3742
RESERVED
 CVE-2018-3741 [XSS vulnerability]
RESERVED
-   - ruby-rails-html-sanitizer 1.0.4-1
+   - ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
 CVE-2018-3740 [Sanitize HTML injection vulnerability]
RESERVED
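Review bot: the commit subject names the package "ruy-rails-html-sanitizer", but the line changed in this hunk is for "ruby-rails-html-sanitizer", so a log search for the real package name will not find this commit. The added "(bug #893994)" on the CVE-2018-3741 line is fine as it stands; please keep the subject spelling in line with the package name in data/CVE/list.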



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cba9cf6eac17ba42b2f92737d940ab2a826f17c

---
You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb1b8eeb by Salvatore Bonaccorso at 2018-03-25T09:43:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code 
injection via ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service 
Pack 2 ...)
-   TODO: check
+   NOT-FOR-US: BMC Remedy Action Request (AR) System
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c 
has a ...)
- ming 
NOTE: https://github.com/libming/libming/issues/130
@@ -14933,11 +14933,11 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) 
vulnerabilities in the ...)
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via 
the body ...)
NOT-FOR-US: Ability Mail Server
 CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve 
remote ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public 
playlist from ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a 
music ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17748
RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the 
TP-Link ...)
@@ -23134,7 +23134,7 @@ CVE-2018-0554
 CVE-2018-0553
RESERVED
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
-   TODO: check
+   NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition 
for Windows)
 CVE-2018-0551
RESERVED
 CVE-2018-0550
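Review bot: the tag added for CVE-2018-0552, "NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)", repeats most of the CVE description, while the other NOT-FOR-US lines in this commit are short product names ("zzcms", "ViX", "QQQ SYSTEMS"). A plain "NOT-FOR-US: PhishWall Client" would match the rest of the file and be easier to grep for.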
@@ -23158,19 +23158,19 @@ CVE-2018-0542 (Directory traversal vulnerability in 
WebProxy version 1.7.8 allow
 CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker 
to ...)
TODO: check
 CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 
allows ...)
-   TODO: check
+   NOT-FOR-US: ViX
 CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c 
allows ...)
-   TODO: check
+   NOT-FOR-US: PHP 2chBBS
 CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 
allows an ...)
-   TODO: check
+   NOT-FOR-US: ArsenoL
 CVE-2018-0533
RESERVED
 CVE-2018-0532
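Review bot: CVE-2018-0541 (Tiny FTP Daemon Ver0.52d) at the top of this hunk stays at "TODO: check" while the seven entries after it, CVE-2018-0540 down to CVE-2018-0534, are all resolved to NOT-FOR-US. If it was left on purpose because it needs a closer look, that is fine; otherwise it should be triaged in the same pass so it does not linger in the TODO queue.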
@@ -25317,9 +25317,9 @@ CVE-2017-16774
 CVE-2017-16773
RESERVED
 CVE-2017-16772 (Improper input validation vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in 
Synology ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2017-16770 (File and directory information exposure vulnerability in ...)
NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer 
in ...)
@@ -29388,7 +29388,7 @@ CVE-2017-15327
 CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak 
encryption ...)
TODO: check
 CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Bdat driver of Prague smart phones
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS 
...)
NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, 
...)
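Review bot: CVE-2017-15325 is tagged "NOT-FOR-US: Bdat driver of Prague smart phones", a component description, whereas the next entry, CVE-2017-15324, is tagged by vendor ("NOT-FOR-US: Huawei"). If both come from the same vendor, use the vendor tag here too so the file stays consistent. CVE-2017-15326 just above is also still "TODO: check".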
@@ -70581,9 +70581,9 @@ CVE-2017-1791
 CVE-2017-1790
RESERVED
 CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2014-1665/owncloud

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
769fb00d by Salvatore Bonaccorso at 2018-03-25T09:44:46+02:00
Add CVE-2014-1665/owncloud

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -152258,7 +152258,7 @@ CVE-2014-1668
 CVE-2014-1667
RESERVED
 CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 
6.0.1 ...)
-   TODO: check
+   - owncloud 
 CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager 
server ...)
NOT-FOR-US: Citrix XenMobile Device Manager server
 CVE-2014-1662
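Review bot: the new "- owncloud" line for CVE-2014-1665 shows no version or status after the package name, although the description bounds the issue to "ownCloud before 6.0.1". Record the fixed version or the package state explicitly, and consider a NOTE with the upstream reference, as the other "Add CVE" commits in this series do.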



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/769fb00dcaebf4fbfe4cf907ace1d04e429e6546


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add one additional gitlab issue

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53fdcfad by Salvatore Bonaccorso at 2018-03-25T09:50:58+02:00
Add one additional gitlab issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -72335,7 +72335,8 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 
is vulnerable to an ...)
 CVE-2017-0921
RESERVED
 CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, 
and ...)
-   TODO: check
+   - gitlab 10.5.5+dfsg-1
+   NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0919
RESERVED
 CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path 
...)
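Review bot: the fixed version recorded for CVE-2017-0920 is "gitlab 10.5.5+dfsg-1", but the description speaks of fixes in 10.1.6 and 10.2.6 and the added NOTE links the 10.3.4 release announcement. If 10.5.5+dfsg-1 is simply the first Debian upload known to contain the fix, a short NOTE saying so would keep the next reader from wondering whether an earlier Debian version was already fixed.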



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/53fdcfadbb5ccc8704f25376546db8395cefce26


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d6fb42b by security tracker role at 2018-03-25T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,81 @@
+CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the 
decompileJUMP ...)
+   TODO: check
+CVE-2018-9008
+   RESERVED
+CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9006 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9005 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9004 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9003 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9002 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9001 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-9000 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-8999 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-8998 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
+   TODO: check
+CVE-2018-8997 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8996 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8995 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8994 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8993 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8992 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8991 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8990 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8989 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8988 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
+   TODO: check
+CVE-2018-8987
+   RESERVED
+CVE-2018-8986
+   RESERVED
+CVE-2018-8985
+   RESERVED
+CVE-2018-8984
+   RESERVED
+CVE-2018-8983
+   RESERVED
+CVE-2018-8982
+   RESERVED
+CVE-2018-8981
+   RESERVED
+CVE-2018-8980
+   RESERVED
+CVE-2018-8979
+   RESERVED
+CVE-2018-8978
+   RESERVED
+CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLens function in 
...)
+   TODO: check
+CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a 
denial ...)
+   TODO: check
+CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm 
through ...)
+   TODO: check
+CVE-2018-8974
+   RESERVED
+CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an 
article, as ...)
+   TODO: check
+CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has 
CSRF in ...)
+   TODO: check
+CVE-2018-8970 (The int_x509_param_set_hosts function in 
lib/libcrypto/x509/x509_vpm.c ...)
+   TODO: check
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
@@ -77,7 +155,7 @@ CVE-2017-18246 (The pcm_encode_frame function in 
libavcodec/pcm.c in Libav 12.2 
 CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 
allows ...)
- libav 
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
-CVE-2018-8971 [Gitlab Auth0 integration issue]
+CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 
10.4.6, ...)
- gitlab  (bug #893905)
NOTE: 
https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8946



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d6fb42bcdea8ea65fe41fb255124818ba0bb7a7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-9009/ming

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6cbf3ad0 by Salvatore Bonaccorso at 2018-03-25T10:22:34+02:00
Add CVE-2018-9009/ming

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,6 @@
 CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the 
decompileJUMP ...)
-   TODO: check
+   - ming 
+   NOTE: https://github.com/libming/libming/issues/131
 CVE-2018-9008
RESERVED
 CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6cbf3ad0316288c65f45ec7125645a3ccbe7bd8a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process new NFUs

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af33bdbe by Salvatore Bonaccorso at 2018-03-25T10:24:55+02:00
Process new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,45 +4,45 @@ CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in 
the decompileJUMP 
 CVE-2018-9008
RESERVED
 CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9006 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9005 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9004 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9003 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9002 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9001 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9000 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-8999 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-8998 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-8997 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8996 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8995 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8994 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8993 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8992 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8991 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8990 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8989 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8988 (In Windows Master (aka Windows Optimization Master) 
7.99.13.604, the ...)
-   TODO: check
+   NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-8987
RESERVED
 CVE-2018-8986
@@ -72,9 +72,9 @@ CVE-2018-8975 (The pm_mallocarray2 function in 
lib/util/mallocvar.c in Netpbm th
 CVE-2018-8974
RESERVED
 CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an 
article, as ...)
-   TODO: check
+   NOT-FOR-US: OTCMS
 CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has 
CSRF in ...)
-   TODO: check
+   NOT-FOR-US: Creditwest Bank CMS Project (aka CWCMS)
 CVE-2018-8970 (The int_x509_param_set_hosts function in 
lib/libcrypto/x509/x509_vpm.c ...)
TODO: check
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/af33bdbe23a2c86ea1ef01c2de3fc8106aae1cb1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-8970 for libressl specific issue

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef250a84 by Salvatore Bonaccorso at 2018-03-25T10:55:43+02:00
Add CVE-2018-8970 for libressl specific issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -76,7 +76,7 @@ CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or 
link to an article, 
 CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has 
CSRF in ...)
NOT-FOR-US: Creditwest Bank CMS Project (aka CWCMS)
 CVE-2018-8970 (The int_x509_param_set_hosts function in 
lib/libcrypto/x509/x509_vpm.c ...)
-   TODO: check
+   - libressl  (bug #754513)
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
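Review bot: the bug attached to the new libressl line for CVE-2018-8970, #754513, is numerically far older than the 2018 bug numbers used elsewhere in this file (#893994, #893905), so it is presumably not a report about this CVE. A NOTE stating what #754513 tracks, and that the issue is specific to libressl as the commit subject says, would make the entry self-explanatory.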



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef250a846ebdbb0bbedbb33d1ec989317bf1d14c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-876{3, 4}/ldap-account-manager

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf484254 by Salvatore Bonaccorso at 2018-03-25T11:29:02+02:00
Add CVE-2018-876{3,4}/ldap-account-manager

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -581,10 +581,18 @@ CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code 
Execution because of an Arbi
NOT-FOR-US: joyplus-cms
 CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file 
(2345NetFirewall.sys) ...)
NOT-FOR-US: 2345 Security Guard
-CVE-2018-8764
-   RESERVED
-CVE-2018-8763
-   RESERVED
+CVE-2018-8764 [CSRF token in URL]
+   RESERVED
+   - ldap-account-manager 
+   NOTE: https://www.ldap-account-manager.org/lamcms/node/354
+   NOTE: 
https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
+CVE-2018-8763 [XSS vulnerabilities]
+   RESERVED
+   - ldap-account-manager 
+   NOTE: 
https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
+   NOTE: 
https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
+   NOTE: 
https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
+   NOTE: https://www.ldap-account-manager.org/lamcms/node/354
 CVE-2018-8762
RESERVED
 CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms 
...)
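Review bot: the NOTE lines are ordered differently in the two new entries: CVE-2018-8764 lists the advisory (lamcms/node/354) first and the fix commit second, while CVE-2018-8763 lists its three fix commits first and the advisory last. Pick one order for both, for example advisory first and then the commits, so the two sibling entries read the same way.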



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf484254fc554baac3321fc6ca8fe7fad68111d6


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Consider CVE-2016-10714/zsh as no-dsa

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80eda3c2 by Salvatore Bonaccorso at 2018-03-25T11:42:44+02:00
Consider CVE-2016-10714/zsh as no-dsa

Can be fixed via upcoming point release or if at anytime a DSA worthy
issue in zsh arises piled up in that DSA.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3596,6 +3596,7 @@ CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh 
compatibility mode is us
 CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized 
buffers ...)
{DLA-1304-1}
- zsh 5.3-1
+   [jessie] - zsh  (Minor issue)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60
 CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow 
when ...)
{DLA-1304-1}
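Review bot: the reason on the new "[jessie] - zsh" line is only "(Minor issue)", while the commit message carries the actual plan (fix through a point release, or fold into a later zsh DSA); that plan is worth a NOTE in the entry itself, since the list file is what people read. CVE-2014-10072 in the trailing context is also a zsh buffer overflow under the same {DLA-1304-1}; does it need the same jessie triage?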



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80eda3c212c9225a395ccea24d7d99090ad7eae0


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add sharutils to dsa-needed list

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef1eaad5 by Salvatore Bonaccorso at 2018-03-25T11:45:10+02:00
Add sharutils to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -75,6 +75,10 @@ redmine
 --
 ruby2.1/oldstable
 --
+sharutils
+  Maintainer proposed debdiff for review for stretch-security.
+  Pending request back for jessie-security
+--
 sqlite3/oldstable
 --
 sssd/stable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef1eaad580c2af5a496f318c5de7b7582fd024eb


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-1071/zsh

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9473d6a6 by Salvatore Bonaccorso at 2018-03-25T11:55:32+02:00
Update information for CVE-2018-1071/zsh

Issue has been addressed upstream with commit 
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21289,9 +21289,9 @@ CVE-2018-1073
 CVE-2018-1072
RESERVED
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
-   - zsh 
+   - zsh 
+   NOTE: 
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
-   NOTE: No actionable information at this point
 CVE-2018-1070
RESERVED
 CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to 
access ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9473d6a6ed99699c4eee6840e12e50cc2e80480f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1083/zsh

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1de98d2 by Salvatore Bonaccorso at 2018-03-25T11:53:20+02:00
Add CVE-2018-1083/zsh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21258,8 +21258,10 @@ CVE-2018-1085
NOT-FOR-US: openshift-ansible
 CVE-2018-1084
RESERVED
-CVE-2018-1083
+CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion 
candidates]
RESERVED
+   - zsh 
+   NOTE: 
https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
 CVE-2018-1082
RESERVED
 CVE-2018-1081
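Review bot: the bracketed description added for CVE-2018-1083, "[check bounds on PATH_MAX-sized buffer used for file completion candidates]", reads like the subject of the fix rather than a description of the flaw. Other temporary descriptions in this file name the issue itself ("[XSS vulnerability]", "[CSRF token in URL]"); something like "[buffer overflow in file completion candidates]" would be consistent with those and still point at the linked upstream commit.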



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1de98d268651a09575ee16647a8e45cc1c91e17


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1000002/knot-resolver as no-dsa/ignored

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54ba16a5 by Salvatore Bonaccorso at 2018-03-25T13:45:49+02:00
Mark CVE-2018-1000002/knot-resolver as no-dsa/ignored

Low severity impact of the issue and minor enough to not warrant a DSA.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9103,6 +9103,7 @@ CVE-2018-103 (Improper input validation bugs in 
DNSSEC validators components
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
 CVE-2018-102 (Improper input validation bugs in DNSSEC validators 
components in Knot ...)
- knot-resolver 1.5.2-1
+   [stretch] - knot-resolver  (Minor issue)
NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html
NOTE: prior to 1.5.1 memcached module was called kmemcached
 CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts 
to use ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/54ba16a544b4839d944e14fc3fabb164163a9ec5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove knot-resolver from dsa-needed list

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
76297cbb by Salvatore Bonaccorso at 2018-03-25T13:47:20+02:00
Remove knot-resolver from dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -30,8 +30,6 @@ graphicsmagick
 imagemagick
   Wait until more issues have piled up
 --
-knot-resolver
---
 libav/oldstable
   We can ship the next libav 11.x point release when available
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/76297cbb06e52cad2d51bf56676c69c4edeee0b8


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add ruby-loofah to dsa-needed list

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87deb322 by Salvatore Bonaccorso at 2018-03-25T14:13:56+02:00
Add ruby-loofah to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -71,6 +71,9 @@ qemu/oldstable
 redmine
   oldstable also affected, but might be worth EOLing
 --
+ruby-loofah
+  Georg Faerber proposed to prepare an update
+--
 ruby2.1/oldstable
 --
 sharutils



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/87deb322c5c0056846a828f1d06f73f431f5796c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim net-snmp in data/dla-needed.txt

2018-03-25 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49e8f773 by Chris Lamb at 2018-03-25T12:17:41-04:00
Claim net-snmp in data/dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -114,7 +114,7 @@ mosquitto (Chris Lamb)
 --
 mp4v2
 --
-net-snmp
+net-snmp (Chris Lamb)
 --
 opencv
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/49e8f77314b819dab2eb9da962a001f9e79f1d9a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] libav no-dsa

2018-03-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3f9d7db by Moritz Muehlenhoff at 2018-03-25T18:33:16+02:00
libav no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -148,13 +148,16 @@ CVE-2018-1000137 (I, Librarian version 4.8 and earlier 
contains a Cross site Req
- i-librarian  (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/121
 CVE-2017-18247 (The av_audio_fifo_size function in libavutil/audio_fifo.c in 
Libav 12.2 ...)
-   - libav 
+   - libav  (low)
+   [jessie] - libav  (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1089
 CVE-2017-18246 (The pcm_encode_frame function in libavcodec/pcm.c in Libav 
12.2 allows ...)
-   - libav 
+   - libav  (low)
+   [jessie] - libav  (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1095
 CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 
allows ...)
-   - libav 
+   - libav  (low)
+   [jessie] - libav  (Minor issue)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
 CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 
10.4.6, ...)
- gitlab  (bug #893905)
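
Review bot: the three [jessie] lines added for CVE-2017-18247, CVE-2017-18246 and CVE-2017-18245 all carry the bare reason "(Minor issue)", which does not tell a later triager what limits the impact. data/dsa-needed.txt, as shown elsewhere in this thread, still lists libav/oldstable with "We can ship the next libav 11.x point release when available"; state in the reason or in a NOTE whether these three are expected to be picked up by that update.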



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c3f9d7dba56855920e46fbd1771d6058f9de754c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add apache2 to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7548310f by Markus Koschany at 2018-03-25T19:21:53+02:00
Add apache2 to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,6 +10,8 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+apache2
+--
 calibre
   NOTE: Instead of replacing pickle with json, maybe disable bookmarking
   NOTE: completely and invest the time to fix the Jessie version instead?



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7548310f8ba18d39de423f2b1a2048420a6c453a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add ldap-account-manager to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14963d74 by Markus Koschany at 2018-03-25T19:27:38+02:00
Add ldap-account-manager to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -62,6 +62,8 @@ lame (Hugo Lefeuvre)
   NOTE: 20180317: Patch available and tested. However I am probably not going 
to upload it since the security team is not
   NOTE: interested in patching Jessie and I evaluate regression risks as non 
negligible.
 --
+ldap-account-manager
+--
 leptonlib
   NOTE: more issues like previous ones
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14963d7417e5efc1ad6f6cf0a3d7c1cef1de56a9


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add apache2 to dsa-needed list

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
956a242c by Salvatore Bonaccorso at 2018-03-25T19:32:30+02:00
Add apache2 to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -14,6 +14,9 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 389-ds-base (fw)
 --
+apache2
+  Maintaine will look into the issues, but no urgent DSA needed
+--
 asterisk/stable
 --
 chromium-browser/stable
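
Review bot: typo in the added note line, "Maintaine" should be "Maintainer". The new apache2 entry also has no release suffix, unlike asterisk/stable and chromium-browser/stable next to it; if the pending issues concern only one release, add the slash suffix that the file header describes.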



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/956a242c3c01a8e2a8c1f8c6e7e49ec7c1bf28fa


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1000140, librelp: Wheezy is not affected.

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
487c454e by Markus Koschany at 2018-03-25T19:37:52+02:00
CVE-2018-1000140, librelp: Wheezy is not affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -137,6 +137,7 @@ CVE-2018-1000141 (I, Librarian version 4.9 and earlier 
contains an Incorrect Acc
NOTE: https://github.com/mkucej/i-librarian/issues/124
 CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer 
Overflow ...)
- librelp 1.2.15-1
+   [wheezy] - librelp  (vulnerable code not present)
NOTE: Fixed by: 
https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf
 CVE-2018-1000139 (I, Librarian version 4.8 and earlier contains a Cross Site 
Scripting ...)
- i-librarian  (bug #649291)
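
Review bot: the new [wheezy] line gives "vulnerable code not present" with nothing to check it against. Add a NOTE next to the existing "Fixed by:" note naming the librelp version or upstream commit that introduced the affected code, so the not-affected status can be re-verified later.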



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/487c454e51e0751e3d2ebede2987055147c4863a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add ruby-rack-protection to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
342c27b7 by Markus Koschany at 2018-03-25T19:44:37+02:00
Add ruby-rack-protection to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -139,6 +139,8 @@ ruby1.9.1 (Santiago R.R.)
 --
 rubygems (Santiago R.R.)
 --
+ruby-rack-protection
+--
 sam2p
 --
 samba (Holger Levsen)
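
Review bot: ordering problem in the added entry: ruby-rack-protection is inserted after rubygems, but the surrounding entries are kept in sorted order and "ruby-" sorts before "ruby1.9.1" (the hyphen precedes digits and letters in ASCII). Move the new line and its "--" separator above the ruby1.9.1 entry.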



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/342c27b77456b5252aef6b3080e2f36c4fb193e5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] zsh no-dsa

2018-03-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e6e6ce3 by Moritz Muehlenhoff at 2018-03-25T19:46:52+02:00
zsh no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21265,7 +21265,9 @@ CVE-2018-1084
RESERVED
 CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion 
candidates]
RESERVED
-   - zsh 
+   - zsh  (low)
+   [stretch] - zsh  (Minor issue)
+   [jessie] - zsh  (Minor issue)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
 CVE-2018-1082
RESERVED
@@ -21294,7 +21296,9 @@ CVE-2018-1073
 CVE-2018-1072
RESERVED
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
-   - zsh 
+   - zsh  (low)
+   [stretch] - zsh  (Minor issue)
+   [jessie] - zsh  (Minor issue)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
 CVE-2018-1070
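
Review bot: CVE-2018-1071 is described in this entry as a stack-based buffer overflow, yet the added [stretch] and [jessie] lines give only "(Minor issue)". Record in a NOTE why the issue is considered minor, so the low rating can be reviewed later without re-reading the upstream commit.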



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e6e6ce335d7746443154630a2b83b43f736b08f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add libvncserver to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bdb34531 by Markus Koschany at 2018-03-25T19:49:06+02:00
Add libvncserver to dla-needed.txt

- - - - -
885ebc89 by Markus Koschany at 2018-03-25T19:49:25+02:00
Merge branch 'master' of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -88,6 +88,8 @@ libreoffice
 --
 libslf4j-java (Markus Koschany)
 --
+libvncserver
+--
 libvorbis
   NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback 
on this issue.
   NOTE: Fixes for other CVEs applied upstream and in sid.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4e6e6ce335d7746443154630a2b83b43f736b08f...885ebc8984eebcefc8f9d0a1dc849f7b2330b17a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add zsh to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82dbeead by Markus Koschany at 2018-03-25T19:53:14+02:00
Add zsh to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -174,3 +174,5 @@ wordpress
   NOTE: 20180221: Upstream still unsure how to fix (lamby)
   NOTE: 20180311: Upstream still unsure how to fix. 
 (lamby)
 --
+zsh
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82dbeead786b4bb2a4acc1d2ff1f952d5042d39a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add xerces-c to dla-needed.txt

2018-03-25 Thread Markus Koschany
Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00bd27a8 by Markus Koschany at 2018-03-25T20:01:48+02:00
Add xerces-c to dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -174,5 +174,7 @@ wordpress
   NOTE: 20180221: Upstream still unsure how to fix (lamby)
   NOTE: 20180311: Upstream still unsure how to fix. 
 (lamby)
 --
+xerces-c
+--
 zsh
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/00bd27a8fd772562ff7f18020c2827386b10f766


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2018-7225

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8306f3a5 by Salvatore Bonaccorso at 2018-03-25T21:07:39+02:00
Reference commit for CVE-2018-7225

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4722,6 +4722,7 @@ CVE-2018-7226 (An issue was discovered in 
vcSetXCutTextProc() in VNConsole.c in 
 CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. ...)
- libvncserver 
NOTE: https://github.com/LibVNC/libvncserver/issues/218
+   NOTE: 
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
 CVE-2018-7224
RESERVED
 CVE-2018-7223
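
Review bot: the added NOTE for CVE-2018-7225 is a bare commit URL, so it does not say whether that libvncserver commit is the fix or only related to the issue. Other entries in this file write "NOTE: Fixed by: <url>" (see CVE-2018-1000140); use the same prefix here if this is the upstream fix.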



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8306f3a5a7ba0ef2cd1a9171dc8038a6e5609c4f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1083

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8be08bf1 by Salvatore Bonaccorso at 2018-03-25T21:08:24+02:00
Add bug reference for CVE-2018-1083

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21266,7 +21266,7 @@ CVE-2018-1084
RESERVED
 CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion 
candidates]
RESERVED
-   - zsh  (low)
+   - zsh  (low; bug #894043)
[stretch] - zsh  (Minor issue)
[jessie] - zsh  (Minor issue)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8be08bf12981d7234882e596cb1e84d31b16071f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-1071

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab28b5fa by Salvatore Bonaccorso at 2018-03-25T21:09:24+02:00
Add bug reference for CVE-2018-1071

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21297,7 +21297,7 @@ CVE-2018-1073
 CVE-2018-1072
RESERVED
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
-   - zsh  (low)
+   - zsh  (low; bug #894044)
[stretch] - zsh  (Minor issue)
[jessie] - zsh  (Minor issue)
NOTE: 
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab28b5fa8c09713f8381e57040338a3883043efd


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-7225/libvncserver

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4c585a5 by Salvatore Bonaccorso at 2018-03-25T21:19:33+02:00
Add bug reference for CVE-2018-7225/libvncserver

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4720,7 +4720,7 @@ CVE-2018-7226 (An issue was discovered in 
vcSetXCutTextProc() in VNConsole.c in 
- vncterm 
NOTE: https://github.com/LibVNC/vncterm/issues/6
 CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. ...)
-   - libvncserver 
+   - libvncserver  (bug #894045)
NOTE: https://github.com/LibVNC/libvncserver/issues/218
NOTE: 
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
 CVE-2018-7224



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4c585a5affdda4a908d6afcd9a2bb0a267e3f81


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50608f14 by security tracker role at 2018-03-25T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the 
...)
+   TODO: check
+CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the 
...)
+   TODO: check
+CVE-2018-9015 (dsmall v20180320 allows XSS via the ...)
+   TODO: check
+CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...)
+   TODO: check
+CVE-2018-9013
+   RESERVED
+CVE-2018-9012
+   RESERVED
+CVE-2018-9011
+   RESERVED
+CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow 
remote ...)
+   TODO: check
 CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the 
decompileJUMP ...)
- ming 
NOTE: https://github.com/libming/libming/issues/131
@@ -59,10 +75,10 @@ CVE-2018-8981
RESERVED
 CVE-2018-8980
RESERVED
-CVE-2018-8979
-   RESERVED
-CVE-2018-8978
-   RESERVED
+CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by 
modifying a ...)
+   TODO: check
+CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute 
of an ...)
+   TODO: check
 CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLens function in 
...)
TODO: check
 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a 
denial ...)
@@ -130,8 +146,8 @@ CVE-2018-8949 (An issue was discovered in 
app/Model/Attribute.php in MISP before
NOT-FOR-US: MISP
 CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp 
has ...)
NOT-FOR-US: MISP
-CVE-2018-8947
-   RESERVED
+CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 
encoding ...)
+   TODO: check
 CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect 
Access ...)
- i-librarian  (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/124
@@ -457,8 +473,8 @@ CVE-2018-8819
RESERVED
 CVE-2018-8818
RESERVED
-CVE-2018-8817
-   RESERVED
+CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
+   TODO: check
 CVE-2018-8816
RESERVED
 CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery 
function in ...)
@@ -2987,8 +3003,8 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in 
MetInfo 6.0.0 via ...)
NOT-FOR-US: MetInfo
 CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in 
Western ...)
NOT-FOR-US: Western Bridge Cobub Razor
-CVE-2018-7719
-   RESERVED
+CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory 
Traversal. ...)
+   TODO: check
 CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the 
gf_media_avc_read_sps ...)
- gpac  (bug #892526)
[wheezy] - gpac  (vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/50608f147a7b202caeb7931b50abb34f0527aa49


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-12627

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a050528a by Salvatore Bonaccorso at 2018-03-25T22:12:24+02:00
Add bug reference for CVE-2017-12627

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37977,7 +37977,7 @@ CVE-2017-12629 (Remote code execution occurs in Apache 
Solr before 7.1 with Apac
 CVE-2017-12628 (The JMX server embedded in Apache James, also used by the 
command line ...)
NOT-FOR-US: Apache James
 CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing 
of ...)
-   - xerces-c 
+   - xerces-c  (bug #894050)
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
 CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to 
Denial ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a050528a29727373974c9798021c4b9afb44d0a5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-1002102/kubernetes

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
078eddb6 by Salvatore Bonaccorso at 2018-03-25T22:21:48+02:00
Add bug reference for CVE-2017-1002102/kubernetes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20638,7 +20638,7 @@ CVE-2017-17458 (In Mercurial before 4.4.1, it is 
possible that a specially malfo
NOTE: Fixed by: https://mercurial-scm.org/repo/hg/rev/071cbeba4212
NOTE: Alternative workaround: 
https://mercurial-scm.org/repo/hg/rev/5e27afeddaee
 CVE-2017-1002102 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior 
to ...)
-   - kubernetes 
+   - kubernetes  (bug #894051)
NOTE: https://github.com/kubernetes/kubernetes/issues/60814
 CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior 
to ...)
- kubernetes  (bug #892801)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/078eddb611062566e5ead7fd669093255d0755f5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Correct ordering

2018-03-25 Thread Chris Lamb
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95ce632e by Chris Lamb at 2018-03-25T16:58:45-04:00
data/dla-needed.txt: Correct ordering

- - - - -
bd98c02e by Chris Lamb at 2018-03-25T16:58:48-04:00
Unclaim mosquitto in data/dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -116,7 +116,7 @@ ming (Hugo Lefeuvre)
 --
 mingw-w64
 --
-mosquitto (Chris Lamb)
+mosquitto
 --
 mp4v2
 --
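
Review bot: dropping "(Chris Lamb)" from the mosquitto line leaves no trace of what was done while the package was claimed. If any triage or patch work happened, leave a dated NOTE under the entry, as the wordpress and lame entries in this file do, so the next person to claim it does not start from zero.
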
@@ -137,12 +137,12 @@ qemu
 --
 qemu-kvm
 --
+ruby-rack-protection
+--
 ruby1.9.1 (Santiago R.R.)
 --
 rubygems (Santiago R.R.)
 --
-ruby-rack-protection
---
 sam2p
 --
 samba (Holger Levsen)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/078eddb611062566e5ead7fd669093255d0755f5...bd98c02e90f154e7b98dfa5697002dc13e5c39ba


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] +mupdf and +sharutils : luciano

2018-03-25 Thread Luciano Bello
Luciano Bello pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae5d8751 by Luciano Bello at 2018-03-25T20:58:08-04:00
+mupdf and +sharutils : luciano

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -45,6 +45,8 @@ linux
 --
 mercurial
 --
+mupdf (luciano)
+--
 openjdk-7/oldstable (jmm)
 --
 openjpeg2 (luciano)
@@ -79,7 +81,7 @@ ruby-loofah
 --
 ruby2.1/oldstable
 --
-sharutils
+sharutils (luciano)
   Maintainer proposed debdiff for review for stretch-security.
   Pending request back for jessie-security
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae5d875143f4ac606e9134880057a5686f97e88d
