(rev 39088)
+++ data/dla-needed.txt 2016-01-22 13:51:02 UTC (rev 39089)
@@ -42,6 +42,8 @@
pound
NOTE: updating to the wheezy option might be less error prone
--
+privoxy (Thorsten Alteholz)
+--
radicale (Markus Koschany)
--
tiff (Santiago R.R
40390)
+++ data/dsa-needed.txt 2016-03-15 18:53:30 UTC (rev 40391)
@@ -18,6 +18,9 @@
--
botan1.10
--
+extplorer/oldstable (Thorsten Alteholz)
+ NOTE: .debdiff sent to the Security Team, waiting for feedback
+--
gosa/oldstable (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting
:49:43 UTC (rev 40837)
+++ data/dsa-needed.txt 2016-04-09 17:58:07 UTC (rev 40838)
@@ -15,6 +15,7 @@
389-ds-base
--
asterisk
+ NOTE: Thorsten Alteholz is looking at CVEs for Wheezy and maybe Jessie ...
--
botan1.10
--
___
Secure-testing-commits
40504)
+++ data/dsa-needed.txt 2016-03-21 21:03:51 UTC (rev 40505)
@@ -35,6 +35,9 @@
no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
should be fixed along
--
+inspircd/oldstable (Thorsten Alteholz)
+ NOTE: .debdiff sent to the Security Team, waiting for feedback
(rev 40570)
+++ data/dsa-needed.txt 2016-03-25 12:52:53 UTC (rev 40571)
@@ -24,6 +24,7 @@
NOTE: .debdiff sent to the Security Team, waiting for feedback
--
fuseiso/oldstable (Thorsten Alteholz)
+ NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-25
--
gosa/oldstable
(rev 40624)
+++ data/dsa-needed.txt 2016-03-29 10:31:00 UTC (rev 40625)
@@ -92,6 +92,9 @@
tardiff
fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
--
+tlslite/oldstable
+ NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-29
+--
tiff3
--
tomcat7
41125)
+++ data/dsa-needed.txt 2016-04-24 20:24:38 UTC (rev 41126)
@@ -15,7 +15,7 @@
389-ds-base
--
asterisk
- NOTE: Thorsten Alteholz is looking at CVEs for Wheezy and maybe Jessie ...
+ NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-04-24
--
botan1.10 (Markus Koschany
)
+++ data/dla-needed.txt 2016-04-26 11:43:33 UTC (rev 41203)
@@ -73,7 +73,7 @@
policykit-1
NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
--
-poppler
+poppler (Thorsten Alteholz)
--
samba
Samba maintainers are preparing updates for regressions
-26 09:10:11 UTC (rev 41198)
+++ data/dla-needed.txt 2016-04-26 09:30:40 UTC (rev 41199)
@@ -9,8 +9,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-389-ds-base
---
asterisk (Thorsten Alteholz)
--
botan1.10 (Markus Koschany
+From 18-04 to 24-04:Thorsten Alteholz <alteh...@debian.org>
From 25-04 to 01-05:Santiago Ruano Rincón <santiag...@riseup.net>
From 02-05 to 08-05:Markus Koschany <a...@debian.org>
From 09-05 to 15-05:Chris Lamb <ch...@chris-lamb.co.uk>
From 16-05 to 22-05:Antoine Be
Author: alteholz
Date: 2016-04-23 15:22:54 + (Sat, 23 Apr 2016)
New Revision: 41088
Modified:
data/CVE/list
Log:
only version 11.x affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-23 15:13:35 UTC (rev
Author: alteholz
Date: 2016-04-23 17:03:15 + (Sat, 23 Apr 2016)
New Revision: 41090
Modified:
data/CVE/list
Log:
only version 11.x, 12.x, 13.x affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-23 16:54:46
-needed.txt 2016-04-25 10:37:02 UTC (rev 41143)
+++ data/dla-needed.txt 2016-04-25 11:37:38 UTC (rev 41144)
@@ -9,6 +9,8 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+asterisk (Thorsten Alteholz)
+--
cacti
NOTE: Issue being disputed, check
https://bugs.debian.org/cgi
-22 17:53:15 UTC (rev 41939)
+++ data/dla-needed.txt 2016-05-22 18:00:37 UTC (rev 41940)
@@ -24,9 +24,6 @@
--
eglibc (Santiago R.R.)
--
-extplorer (Thorsten Alteholz)
- NOTE: package for testing uploaded
---
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
)
+++ data/dla-needed.txt 2016-05-11 15:42:23 UTC (rev 41636)
@@ -74,7 +74,7 @@
NOTE: maintainer wants to upload package (as done before)
NOTE: <20160213161710.ga9...@roeckx.be>
--
-ocaml
+ocaml (Thorsten Alteholz)
--
openafs (Thorsten Al
)
+++ data/dla-needed.txt 2016-05-11 20:49:58 UTC (rev 41652)
@@ -136,7 +136,7 @@
--
x11vnc
--
-xerces-c
+xerces-c (Thorsten Alteholz)
--
xymon (Chris Lamb)
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
Author: alteholz
Date: 2016-05-12 17:55:42 + (Thu, 12 May 2016)
New Revision: 41682
Modified:
data/CVE/list
Log:
patch for CVE-2015-5660 can be found somewhere else
Modified: data/CVE/list
===
--- data/CVE/list
41679)
+++ data/dla-needed.txt 2016-05-12 17:20:03 UTC (rev 41680)
@@ -22,7 +22,7 @@
--
dhcpcd5
--
-extplorer
+extplorer (Thorsten Alteholz)
--
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
___
Secure-testing
--
-xerces-c (Thorsten Alteholz)
---
xymon (Chris Lamb)
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
UTC (rev 41811)
+++ data/dla-needed.txt 2016-05-17 18:01:52 UTC (rev 41812)
@@ -10,7 +10,6 @@
--
asterisk (Thorsten Alteholz)
- NOTE: CVE-2014-2287 and CVE-2014-2287 still pending?
--
bozohttpd
--
___
Secure-testing-commits mailing list
Secure
)
+++ data/dla-needed.txt 2016-05-15 17:49:52 UTC (rev 41747)
@@ -25,6 +25,7 @@
eglibc
--
extplorer (Thorsten Alteholz)
+ NOTE: package for testing uploaded
--
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
@@ -72,6 +73,7 @@
NOTE: <20160213161710.
)
@@ -47,9 +47,6 @@
--
linux
--
-minissdpd
- NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
---
nss (Guido Günther)
--
ntp
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
41392)
+++ data/dla-needed.txt 2016-05-03 17:48:42 UTC (rev 41393)
@@ -9,8 +9,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-asterisk (Thorsten Alteholz)
---
cacti
NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
NOTE: Maintainer wants to review changes
41393)
+++ data/dla-needed.txt 2016-05-03 17:49:07 UTC (rev 41394)
@@ -9,6 +9,8 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+ asterisk (Thorsten Alteholz)
+--
cacti
NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
NOTE: Maintainer wants to review changes
)
+++ data/dla-needed.txt 2016-05-04 10:11:56 UTC (rev 41410)
@@ -47,6 +47,8 @@
--
linux
--
+ mplayer (Thorsten Alteholz)
+--
nss (Guido Günther)
--
ntp
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
@@
--
linux
--
-mercurial (Thorsten Alteholz)
---
nagios3 (Markus Koschany)
--
nss (Guido Günther)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing
)
+++ data/dla-needed.txt 2016-05-06 20:43:26 UTC (rev 41492)
@@ -33,6 +33,8 @@
imagemagick
NOTE: only minor issues
--
+lcms2 (Thorsten Alteholz)
+--
libidn
Working debdiff for wheezy-security at
https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff
+58,6 @@
--
mercurial (Thorsten Alteholz)
--
-mplayer2 (Thorsten Alteholz)
---
nagios3 (Markus Koschany)
--
nss (Guido Günther)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org
)
+++ data/dla-needed.txt 2016-05-05 21:16:50 UTC (rev 41461)
@@ -66,7 +66,7 @@
NOTE: maintainer wants to upload package (as done before)
NOTE: <20160213161710.ga9...@roeckx.be>
--
-openafs
+openafs (Thorsten Alteholz)
--
pdns (Guido G
41420)
+++ data/dla-needed.txt 2016-05-04 18:29:31 UTC (rev 41421)
@@ -47,7 +47,7 @@
--
linux
--
- mplayer (Thorsten Alteholz)
+mercurial (Thorsten Alteholz)
--
nss (Guido Günther)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2016-05-04 18:27:04 + (Wed, 04 May 2016)
New Revision: 41420
Modified:
data/DLA/list
Log:
Reserve DLA-457-1 for mplayer
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-04 18:17:39 UTC (rev
(rev 41428)
+++ data/dla-needed.txt 2016-05-04 20:54:06 UTC (rev 41429)
@@ -55,6 +55,8 @@
--
mercurial (Thorsten Alteholz)
--
+mplayer2 (Thorsten Alteholz)
+--
nagios3 (Markus Koschany)
--
nss (Guido Günther)
___
Secure-testing-commits mailing list
+76,6 @@
policykit-1
NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
--
-poppler (Thorsten Alteholz)
---
samba
Samba maintainers are preparing updates for regressions
--
___
Secure-testing-commits mailing list
Secure-testing-commits
2016-05-07 16:49:20 UTC (rev 41516)
+++ data/dla-needed.txt 2016-05-07 16:51:15 UTC (rev 41517)
@@ -31,8 +31,6 @@
imagemagick
NOTE: only minor issues
--
-lcms2 (Thorsten Alteholz)
---
libidn
Working debdiff for wheezy-security at
https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff
Author: alteholz
Date: 2016-05-07 16:49:20 + (Sat, 07 May 2016)
New Revision: 41516
Modified:
data/CVE/list
Log:
mark CVE for lcms2 as not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-07 14:13:52 UTC
)
+++ data/dla-needed.txt 2016-07-27 08:19:35 UTC (rev 43523)
@@ -56,7 +56,7 @@
is not available yet. It will be available in next upstream release (already
in upstream roadmap).
--
-mupdf
+mupdf (Thorsten Alteholz)
NOTE: Can reproduce in wheezy chroot.
--
mysql-5.5 (Santiago R.R
Author: alteholz
Date: 2016-07-27 10:54:37 + (Wed, 27 Jul 2016)
New Revision: 43526
Modified:
data/CVE/list
Log:
mark CVE-2016-3120 as no-dsa in Wheezy like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2016-07-25 12:37:34 + (Mon, 25 Jul 2016)
New Revision: 43449
Modified:
data/CVE/list
Log:
mark CVE-2016-6209 as no-dsa in Wheezy like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2016-07-28 20:46:03 + (Thu, 28 Jul 2016)
New Revision: 43580
Modified:
data/dla-needed.txt
Log:
add ntp
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:44:40 UTC (rev 43579)
+++
Author: alteholz
Date: 2016-07-28 20:36:56 + (Thu, 28 Jul 2016)
New Revision: 43575
Modified:
data/dla-needed.txt
Log:
add lighttpd
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:33:53 UTC (rev 43574)
Author: alteholz
Date: 2016-07-28 20:39:57 + (Thu, 28 Jul 2016)
New Revision: 43577
Modified:
data/dla-needed.txt
Log:
add xmlrpc-epi
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:38:14 UTC (rev
Author: alteholz
Date: 2016-07-28 20:33:53 + (Thu, 28 Jul 2016)
New Revision: 43574
Modified:
data/dla-needed.txt
Log:
add wireshark
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 19:18:37 UTC (rev
Author: alteholz
Date: 2016-07-28 20:44:40 + (Thu, 28 Jul 2016)
New Revision: 43579
Modified:
data/dla-needed.txt
Log:
add libapache2-mod-fcgid
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:43:16 UTC
Author: alteholz
Date: 2016-07-28 20:38:14 + (Thu, 28 Jul 2016)
New Revision: 43576
Modified:
data/dla-needed.txt
Log:
add twisted
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:36:56 UTC (rev 43575)
(rev 43593)
+++ data/dla-needed.txt 2016-07-29 08:31:11 UTC (rev 43594)
@@ -132,5 +132,5 @@
Update prepared by credativ ready here:
https://people.debian.org/~zobel/xen-lts/
Just need review, upload and DLA.
--
-xmlrpc-epi
+xmlrpc-epi (Thorsten Alteholz
/dla-needed.txt 2016-07-29 21:11:34 UTC (rev 43629)
@@ -132,5 +132,3 @@
Update prepared by credativ ready here:
https://people.debian.org/~zobel/xen-lts/
Just need review, upload and DLA.
--
-xmlrpc-epi (Thorsten Alteholz)
---
___
Secure-testing
Author: alteholz
Date: 2016-07-29 21:17:58 + (Fri, 29 Jul 2016)
New Revision: 43630
Modified:
data/dla-needed.txt
Log:
libapache2-mod-fcgid has been taken care of by apache2 upload
Modified: data/dla-needed.txt
===
---
)
+++ data/dla-needed.txt 2016-07-31 09:59:15 UTC (rev 43672)
@@ -11,6 +11,9 @@
--
asterisk (Thorsten Alteholz)
--
+erlang
+ NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi.
+--
extplorer
NOTE: 20160529, no fix yet
NOTE: 20160618, still no fix
@@
is not available yet. It will be available in next upstream release (already
in upstream roadmap).
--
-mupdf (Thorsten Alteholz)
- NOTE: Can reproduce in wheezy chroot.
---
ntp
NOTE: up to now maintainer did the LTS uploads
--
___
Secure-testing
Author: alteholz
Date: 2016-07-31 09:32:57 + (Sun, 31 Jul 2016)
New Revision: 43669
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark libjgroups-java as no-dsa in Wheezy like in Jessie
Modified: data/CVE/list
===
---
Author: alteholz
Date: 2016-07-31 09:50:59 + (Sun, 31 Jul 2016)
New Revision: 43670
Modified:
data/dla-needed.txt
Log:
add nettle
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:32:57 UTC (rev 43669)
Author: alteholz
Date: 2016-07-31 09:55:40 + (Sun, 31 Jul 2016)
New Revision: 43671
Modified:
data/dla-needed.txt
Log:
add mongodb
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:50:59 UTC (rev 43670)
Author: alteholz
Date: 2016-07-27 12:07:46 + (Wed, 27 Jul 2016)
New Revision: 43528
Modified:
data/CVE/list
Log:
mark CVE-2016-1000108 as no-dsa in Wheezy like in Jessie
Modified: data/CVE/list
===
--- data/CVE/list
Hargreaves)
NOTE: Ben and Thorsten have the patches.
--
php5 (Thorsten Alteholz)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
<ch...@chris-lamb.co.uk>
-From 26-09 to 02-10:
+From 26-09 to 02-10:Thorsten Alteholz <alteh...@debian.org>
From 03-10 to 09-10:Balint Reczey <bal...@balintreczey.hu>
From 10-10 to 16-10:Markus Koschany <a...@debian.org>
From 17-10 to 23-1
Author: alteholz
Date: 2016-08-11 20:38:49 + (Thu, 11 Aug 2016)
New Revision: 43941
Modified:
data/CVE/list
Log:
mark sogo CVEs as as it has been done before
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-11
:28 UTC (rev 43313)
+++ data/dla-needed.txt 2016-07-20 18:02:58 UTC (rev 43314)
@@ -43,7 +43,8 @@
--
libjgroups-java
--
-libreoffice (Thorsten Alteholz)
+libreoffice
+ NOTE: this package needs 30GB disk space, lots of RAM and CPU power
--
libupnp
UTC (rev 43241)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-bind9
---
binutils (Brian May)
--
binutils-h8300-hms
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
(Thorsten Alteholz)
---
wireshark (Balint Reczey)
Preparing Jessie update, then Wheezy LTS, too.
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure
(rev 42917)
+++ data/dla-needed.txt 2016-06-30 17:41:42 UTC (rev 42918)
@@ -72,7 +72,6 @@
NOTE: priority issues and will fix them after the next release of OpenSSL.
--
php5 (Thorsten Alteholz)
- NOTE: At least CVE-2016-4538 is vulnerable
--
phpmyadmin (Ola Lundqvist
42925)
+++ data/dla-needed.txt 2016-06-30 20:17:53 UTC (rev 42926)
@@ -44,6 +44,8 @@
--
libarchive (Markus Koschany)
--
+libgd2 (Thorsten Alteholz)
+--
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security=146685931517961=2 claims
42926)
+++ data/dla-needed.txt 2016-06-30 20:24:07 UTC (rev 42927)
@@ -53,7 +53,7 @@
--
libjgroups-java
--
-libreoffice
+libreoffice (Thorsten Alteholz)
--
linux
--
___
Secure-testing-commits mailing list
Secure-testing-commits
-29 18:03:10 UTC (rev 42886)
@@ -71,8 +71,6 @@
NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
NOTE: priority issues and will fix them after the next release of OpenSSL.
--
-php5 (Thorsten Alteholz)
---
phpmyadmin (Ola Lundqvist)
--
pidgin (Brian May
Author: alteholz
Date: 2016-06-29 18:19:32 + (Wed, 29 Jun 2016)
New Revision: 42887
Modified:
data/CVE/list
Log:
mark issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-29 18:03:10 UTC (rev 42886)
+++
42888)
@@ -38,8 +38,6 @@
--
libarchive (Markus Koschany)
--
-libgd2 (Thorsten Alteholz)
---
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security=146685931517961=2 claims
___
Secure-testing-commits mailing list
(rev 42888)
+++ data/dla-needed.txt 2016-06-29 18:21:55 UTC (rev 42889)
@@ -69,6 +69,8 @@
NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
NOTE: priority issues and will fix them after the next release of OpenSSL.
--
+php5 (Thorsten Alteholz)
+--
phpmyadmin (Ola Lundqvist
<ch...@chris-lamb.co.uk>
-From 25-07 to 31-07:
+From 25-07 to 31-07:Thorsten Alteholz <alteh...@debian.org>
From 01-08 to 07-08:Markus Koschany <a...@debian.org>
From 08-08 to 14-08:Guido Günther <a...@sigxcpu.org>
From 15-08 to 21-08:Chris Lamb <ch...@chris-lamb.co.uk
Author: alteholz
Date: 2016-08-17 18:01:38 + (Wed, 17 Aug 2016)
New Revision: 44012
Modified:
data/dla-needed.txt
Log:
all done for xen
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-17 17:38:58 UTC (rev
Author: alteholz
Date: 2017-01-31 10:48:12 + (Tue, 31 Jan 2017)
New Revision: 48601
Modified:
data/CVE/list
Log:
change check to NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:11:31 UTC (rev 48600)
+++
Author: alteholz
Date: 2017-01-31 10:49:50 + (Tue, 31 Jan 2017)
New Revision: 48602
Modified:
data/CVE/list
Log:
change check to NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:48:12 UTC (rev 48601)
+++
Author: alteholz
Date: 2017-01-31 11:24:18 + (Tue, 31 Jan 2017)
New Revision: 48603
Modified:
data/CVE/list
Log:
TODO for CVE-2011-4076 done
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:49:50 UTC (rev
Author: alteholz
Date: 2017-01-31 11:42:16 + (Tue, 31 Jan 2017)
New Revision: 48605
Modified:
data/CVE/list
Log:
first version in unstable containing the fix
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31
Author: alteholz
Date: 2017-01-31 18:37:33 + (Tue, 31 Jan 2017)
New Revision: 48625
Modified:
data/CVE/list
Log:
mark some Microsoft issues as NOT-FOR-US:
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31
Author: alteholz
Date: 2017-02-04 18:15:07 + (Sat, 04 Feb 2017)
New Revision: 48712
Modified:
data/CVE/list
Log:
Microsoft CLFS is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 17:45:19 UTC (rev 48711)
Author: alteholz
Date: 2017-02-04 18:45:49 + (Sat, 04 Feb 2017)
New Revision: 48714
Modified:
data/CVE/list
Log:
Microsoft Excel is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:43:06 UTC (rev 48713)
Author: alteholz
Date: 2017-02-04 18:51:33 + (Sat, 04 Feb 2017)
New Revision: 48715
Modified:
data/CVE/list
Log:
Microsoft NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:45:49 UTC (rev 48714)
+++
Author: alteholz
Date: 2017-02-04 18:43:06 + (Sat, 04 Feb 2017)
New Revision: 48713
Modified:
data/CVE/list
Log:
Microsoft OWA is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:15:07 UTC (rev 48712)
)
+++ data/dla-needed.txt 2017-01-31 21:13:45 UTC (rev 48634)
@@ -14,7 +14,7 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bitlbee
+bitlbee (Thorsten Alteholz)
--
calibre
NOTE
)
+++ data/dla-needed.txt 2017-01-30 10:43:45 UTC (rev 48552)
@@ -39,7 +39,7 @@
NOTE: https://lists.debian.org/debian-lts/2017/01/msg00059.html
--
jasper (Thorsten Alteholz)
- NOTE: not really clear what CVEs need to be fixed
+ NOTE: no upstream fixes yet
--
jbig2dec (Raphaël Hertzog
Author: alteholz
Date: 2017-01-30 21:22:09 + (Mon, 30 Jan 2017)
New Revision: 48578
Modified:
data/CVE/list
Log:
according to
https://lists.apple.com/archives/security-announce/2016/Mar/msg5.html this
belongs to Safari
Modified: data/CVE/list
Author: alteholz
Date: 2017-01-30 19:05:33 + (Mon, 30 Jan 2017)
New Revision: 48566
Modified:
data/CVE/list
Log:
add bug number
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-30 18:57:10 UTC (rev 48565)
+++
48375)
+++ data/dla-needed.txt 2017-01-25 14:52:01 UTC (rev 48376)
@@ -40,6 +40,7 @@
imagemagick (Guido Günther)
--
jasper (Thorsten Alteholz)
+ NOTE: not really clear what CVEs need to be fixed
--
jbig2dec (Raphaël Hertzog)
NOTE: No known solution as of 2017-01-20
48374)
+++ data/dla-needed.txt 2017-01-25 14:51:02 UTC (rev 48375)
@@ -120,5 +120,5 @@
NOTE: Dominik George (maintainer) will take care of the issue:
NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
--
-zoneminder
+zoneminder (Thorsten Alteholz
(rev 48519)
@@ -113,5 +113,3 @@
NOTE: Dominik George (maintainer) will take care of the issue:
NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
--
-zoneminder (Thorsten Alteholz)
---
___
Secure-testing-commits mailing list
Secure
Author: alteholz
Date: 2017-01-29 15:18:37 + (Sun, 29 Jan 2017)
New Revision: 48525
Modified:
data/dla-needed.txt
Log:
add note to slurm-llnl
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-29 13:22:47 UTC
2017-01-29 11:13:51 UTC (rev 48518)
@@ -14,8 +14,6 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bind9 (Thorsten Alteholz)
---
cgiemail
--
calibre
Author: alteholz
Date: 2017-02-20 19:04:47 + (Mon, 20 Feb 2017)
New Revision: 49075
Modified:
data/CVE/list
Log:
mark CVE-2017-5969 as no-dsa like in Jessie and fix typo
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2017-02-20 21:05:54 + (Mon, 20 Feb 2017)
New Revision: 49082
Modified:
data/dla-needed.txt
Log:
libxml2 is no longer needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-20 20:33:22
49170)
+++ data/dla-needed.txt 2017-02-24 10:06:21 UTC (rev 49171)
@@ -78,7 +78,7 @@
NOTE: 2016-12-13: Upstream ping here:
https://rt.cpan.org/Public/Bug/Display.html?id=118097#txn-1690223
NOTE: 2017-01-20: Ping upstream by private email -- Raphael Hertzog
--
-libytnef
+libytnef (Thorsten
Author: alteholz
Date: 2017-02-24 11:19:24 + (Fri, 24 Feb 2017)
New Revision: 49176
Modified:
data/dla-needed.txt
Log:
add xbmc under reserve
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 11:18:19 UTC
Author: alteholz
Date: 2017-02-24 11:28:57 + (Fri, 24 Feb 2017)
New Revision: 49180
Modified:
data/CVE/list
Log:
add note for libytnef fix
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-24 11:26:48 UTC (rev
Author: alteholz
Date: 2017-02-25 12:08:46 + (Sat, 25 Feb 2017)
New Revision: 49206
Modified:
data/packages/lts-do-not-call
Log:
maintainer of radare2 opted out
Modified: data/packages/lts-do-not-call
===
---
(rev 49206)
+++ data/dla-needed.txt 2017-02-25 12:11:54 UTC (rev 49207)
@@ -108,7 +108,7 @@
qemu-kvm (Guido Günther)
--
radare2 (Thorsten Alteholz)
- NOTE: according to maintainer, nothing needs to be done, recheck
+ NOTE: the vulnerability still exists, but is just in a different function
49207)
+++ data/dla-needed.txt 2017-02-25 12:48:20 UTC (rev 49208)
@@ -117,6 +117,8 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
+tnef (Thorsten Alteholz)
+--
xbmc
NOTE
Author: alteholz
Date: 2017-02-25 15:07:29 + (Sat, 25 Feb 2017)
New Revision: 49213
Modified:
data/dla-needed.txt
Log:
add mupdf
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:00:22 UTC (rev 49212)
(rev 49213)
+++ data/dla-needed.txt 2017-02-25 15:08:09 UTC (rev 49214)
@@ -15,6 +15,7 @@
NOTE: ready to upload after smoke tests, read the above thread.
--
bind9 (Thorsten Alteholz)
+ NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
--
calibre
Author: alteholz
Date: 2017-02-25 15:21:30 + (Sat, 25 Feb 2017)
New Revision: 49215
Modified:
data/CVE/list
Log:
add bug number
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-25 15:08:09 UTC (rev 49214)
+++
to respond
+--
jasper (Thorsten Alteholz)
NOTE: no upstream fixes yet
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Author: alteholz
Date: 2017-02-25 15:43:59 + (Sat, 25 Feb 2017)
New Revision: 49218
Modified:
data/dla-needed.txt
Log:
add zziplib
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:38:11 UTC (rev 49217)
Author: alteholz
Date: 2017-02-24 22:21:06 + (Fri, 24 Feb 2017)
New Revision: 49194
Modified:
data/dla-needed.txt
Log:
add radare2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 21:10:12 UTC (rev 49193)
301 - 400 of 760 matches
Mail list logo