[Secure-testing-commits] r23826 - data/CVE
Author: jmm Date: 2013-09-30 05:32:03 + (Mon, 30 Sep 2013) New Revision: 23826 Modified: data/CVE/list Log: linux issue added to kernel-sec Modified: data/CVE/list === --- data/CVE/list 2013-09-30 05:12:39 UTC (rev 23825) +++ data/CVE/list 2013-09-30 05:32:03 UTC (rev 23826) @@ -3413,7 +3413,6 @@ RESERVED - linux-2.6 - linux - TODO: check CVE-2013-4386 RESERVED CVE-2013-4385 [Buffer overrun] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23825 - data/CVE
Author: jmm Date: 2013-09-30 05:12:39 + (Mon, 30 Sep 2013) New Revision: 23825 Modified: data/CVE/list Log: icedove fixed Modified: data/CVE/list === --- data/CVE/list 2013-09-29 21:14:53 UTC (rev 23824) +++ data/CVE/list 2013-09-30 05:12:39 UTC (rev 23825) @@ -10582,13 +10582,13 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove CVE-2013-1736 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...) {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10596,7 +10596,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10608,7 +10608,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10620,7 +10620,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10646,7 +10646,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10666,7 +10666,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10691,7 +10691,7 @@ {DSA-2762-1 DSA-2759-1} - iceweasel 24.0-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.9-1 [squeeze] - icedove - iceape [squeeze] - iceape @@ -10789,7 +10789,7 @@ {DSA-2720-1 DSA-2716-1} - iceweasel 17.0.7esr-1 [squeeze] - iceweasel - - icedove + - icedove 17.0.7-1 [squeeze] - icedove - iceape [squeeze] - iceape ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23824 - data/CVE
Author: joeyh Date: 2013-09-29 21:14:53 + (Sun, 29 Sep 2013) New Revision: 23824 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-09-29 20:52:21 UTC (rev 23823) +++ data/CVE/list 2013-09-29 21:14:53 UTC (rev 23824) @@ -3497,6 +3497,7 @@ RESERVED CVE-2013-4359 [mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication] RESERVED + {DSA-2767-1} - proftpd-dfsg (bug #723179) CVE-2013-4358 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23823 - data/CVE
Author: carnil Date: 2013-09-29 20:52:21 + (Sun, 29 Sep 2013) New Revision: 23823 Modified: data/CVE/list Log: Add source package name for CVE-2013-4387 NOTE: checked code for linux/3.10.11-1 currently in unstable for https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=2811ebac2521ceac84f2bdae402455baa6a7fb47 Leave the TODO item. Modified: data/CVE/list === --- data/CVE/list 2013-09-29 15:04:50 UTC (rev 23822) +++ data/CVE/list 2013-09-29 20:52:21 UTC (rev 23823) @@ -3409,9 +3409,10 @@ RESERVED CVE-2013-4388 RESERVED -CVE-2013-4387 +CVE-2013-4387 [memory corruption with ipv6 udp offloading] RESERVED - NOTE: http://www.openwall.com/lists/oss-security/2013/09/29/1 + - linux-2.6 + - linux TODO: check CVE-2013-4386 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23822 - data
Author: pabs Date: 2013-09-29 15:04:50 + (Sun, 29 Sep 2013) New Revision: 23822 Modified: data/embedded-code-copies Log: iceweasel 24 forked libjs-pdf Modified: data/embedded-code-copies === --- data/embedded-code-copies 2013-09-29 15:03:34 UTC (rev 23821) +++ data/embedded-code-copies 2013-09-29 15:04:50 UTC (rev 23822) @@ -2648,3 +2648,5 @@ - trac-jsgantt (embed; bug #724287) NOTE: jsgantt is not packaged seperately so far +libjs-pdf + - iceweasel (fork) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23821 - in data: . DSA
Author: nion Date: 2013-09-29 15:03:34 + (Sun, 29 Sep 2013) New Revision: 23821 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-2767-1 (proftpd-dfsg) Modified: data/DSA/list === --- data/DSA/list 2013-09-29 08:46:23 UTC (rev 23820) +++ data/DSA/list 2013-09-29 15:03:34 UTC (rev 23821) @@ -1,3 +1,7 @@ +[28 Sep 2013] DSA-2767-1 proftpd-dfsg - denial of service + {CVE-2013-4359} + [squeeze] - proftpd-dfsg 1.3.3a-6squeeze7 + [wheezy] - proftpd-dfsg 1.3.4a-5+deb7u1 [27 Sep 2013] DSA-2766-1 linux-2.6 - several {CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851 CVE-2013-2852 CVE-2013-2888 CVE-2013-2892} [squeeze] - linux-2.6 2.6.32-48squeeze4 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-09-29 08:46:23 UTC (rev 23820) +++ data/dsa-needed.txt 2013-09-29 15:03:34 UTC (rev 23821) @@ -75,8 +75,6 @@ -- policykit-1 -- -proftpd-dfsg --- quagga -- qt4-x11/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23820 - data/CVE
Author: fgeek-guest Date: 2013-09-29 08:46:23 + (Sun, 29 Sep 2013) New Revision: 23820 Modified: data/CVE/list Log: NFU CVE-2013-5916 Modified: data/CVE/list === --- data/CVE/list 2013-09-29 08:21:41 UTC (rev 23819) +++ data/CVE/list 2013-09-29 08:46:23 UTC (rev 23820) @@ -56,6 +56,7 @@ NOT-FOR-US: NOSpam PTIa plugin for Wordpress CVE-2013-5916 RESERVED + NOT-FOR-US: WordPress plugin wp-e-commerce CVE-2013-5915 RESERVED CVE-2013-5914 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23819 - data/CVE
Author: fgeek-guest Date: 2013-09-29 08:21:41 + (Sun, 29 Sep 2013) New Revision: 23819 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2013-09-29 06:06:33 UTC (rev 23818) +++ data/CVE/list 2013-09-29 08:21:41 UTC (rev 23819) @@ -1,3 +1,5 @@ +CVE-2013-5959 + NOT-FOR-US: Blue Coat ProxySG CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...) - graphite-web 0.9.12+debian-1 CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, ...) @@ -1017,6 +1019,7 @@ RESERVED CVE-2013-5498 RESERVED + NOT-FOR-US: Cisco IOS XR CVE-2013-5497 (The authentication manager process in the web framework in Cisco ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote ...) @@ -1207,6 +1210,7 @@ RESERVED CVE-2013-5403 RESERVED + NOT-FOR-US: IBM WebSphere CVE-2013-5402 RESERVED CVE-2013-5401 @@ -1695,8 +1699,10 @@ RESERVED CVE-2013-5161 RESERVED + NOT-FOR-US: Apple iOS CVE-2013-5160 RESERVED + NOT-FOR-US: Apple iOS CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the ...) NOT-FOR-US: Apple iOS CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly restrict ...) @@ -13982,6 +13988,7 @@ NOT-FOR-US: IBM CVE-2013-0598 RESERVED + NOT-FOR-US: IBM Rational ClearQuest CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative console ...) @@ -28875,6 +28882,7 @@ NOT-FOR-US: Cisco IOS CVE-2012-1313 RESERVED + NOT-FOR-US: Cisco Unified Computing System CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...) NOT-FOR-US: Cisco IOS CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits