[Secure-testing-commits] r23826 - data/CVE
Author: jmm Date: 2013-09-30 05:32:03 + (Mon, 30 Sep 2013) New Revision: 23826 Modified: data/CVE/list Log: linux issue added to kernel-sec Modified: data/CVE/list === --- data/CVE/list 2013-09-30 05:12:39 UTC (rev 23825) +++ data/CVE/list 2013-09-30 05:32:03 UTC (rev 23826) @@ -3413,7 +3413,6 @@ RESERVED - linux-2.6 - linux - TODO: check CVE-2013-4386 RESERVED CVE-2013-4385 [Buffer overrun] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23825 - data/CVE
Author: jmm
Date: 2013-09-30 05:12:39 + (Mon, 30 Sep 2013)
New Revision: 23825
Modified:
data/CVE/list
Log:
icedove fixed
Modified: data/CVE/list
===
--- data/CVE/list 2013-09-29 21:14:53 UTC (rev 23824)
+++ data/CVE/list 2013-09-30 05:12:39 UTC (rev 23825)
@@ -10582,13 +10582,13 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
CVE-2013-1736 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox
before ...)
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10596,7 +10596,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10608,7 +10608,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10620,7 +10620,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10646,7 +10646,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10666,7 +10666,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10691,7 +10691,7 @@
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.9-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
@@ -10789,7 +10789,7 @@
{DSA-2720-1 DSA-2716-1}
- iceweasel 17.0.7esr-1
[squeeze] - iceweasel
- - icedove
+ - icedove 17.0.7-1
[squeeze] - icedove
- iceape
[squeeze] - iceape
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23824 - data/CVE
Author: joeyh
Date: 2013-09-29 21:14:53 + (Sun, 29 Sep 2013)
New Revision: 23824
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2013-09-29 20:52:21 UTC (rev 23823)
+++ data/CVE/list 2013-09-29 21:14:53 UTC (rev 23824)
@@ -3497,6 +3497,7 @@
RESERVED
CVE-2013-4359 [mod_sftp/mod_sftp_pam invalid pool allocation during kbdint
authentication]
RESERVED
+ {DSA-2767-1}
- proftpd-dfsg (bug #723179)
CVE-2013-4358
RESERVED
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23823 - data/CVE
Author: carnil Date: 2013-09-29 20:52:21 + (Sun, 29 Sep 2013) New Revision: 23823 Modified: data/CVE/list Log: Add source package name for CVE-2013-4387 NOTE: checked code for linux/3.10.11-1 currently in unstable for https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=2811ebac2521ceac84f2bdae402455baa6a7fb47 Leave the TODO item. Modified: data/CVE/list === --- data/CVE/list 2013-09-29 15:04:50 UTC (rev 23822) +++ data/CVE/list 2013-09-29 20:52:21 UTC (rev 23823) @@ -3409,9 +3409,10 @@ RESERVED CVE-2013-4388 RESERVED -CVE-2013-4387 +CVE-2013-4387 [memory corruption with ipv6 udp offloading] RESERVED - NOTE: http://www.openwall.com/lists/oss-security/2013/09/29/1 + - linux-2.6 + - linux TODO: check CVE-2013-4386 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23822 - data
Author: pabs Date: 2013-09-29 15:04:50 + (Sun, 29 Sep 2013) New Revision: 23822 Modified: data/embedded-code-copies Log: iceweasel 24 forked libjs-pdf Modified: data/embedded-code-copies === --- data/embedded-code-copies 2013-09-29 15:03:34 UTC (rev 23821) +++ data/embedded-code-copies 2013-09-29 15:04:50 UTC (rev 23822) @@ -2648,3 +2648,5 @@ - trac-jsgantt (embed; bug #724287) NOTE: jsgantt is not packaged seperately so far +libjs-pdf + - iceweasel (fork) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23821 - in data: . DSA
Author: nion
Date: 2013-09-29 15:03:34 + (Sun, 29 Sep 2013)
New Revision: 23821
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
DSA-2767-1 (proftpd-dfsg)
Modified: data/DSA/list
===
--- data/DSA/list 2013-09-29 08:46:23 UTC (rev 23820)
+++ data/DSA/list 2013-09-29 15:03:34 UTC (rev 23821)
@@ -1,3 +1,7 @@
+[28 Sep 2013] DSA-2767-1 proftpd-dfsg - denial of service
+ {CVE-2013-4359}
+ [squeeze] - proftpd-dfsg 1.3.3a-6squeeze7
+ [wheezy] - proftpd-dfsg 1.3.4a-5+deb7u1
[27 Sep 2013] DSA-2766-1 linux-2.6 - several
{CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234
CVE-2013-2237 CVE-2013-2239 CVE-2013-2851 CVE-2013-2852 CVE-2013-2888
CVE-2013-2892}
[squeeze] - linux-2.6 2.6.32-48squeeze4
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-09-29 08:46:23 UTC (rev 23820)
+++ data/dsa-needed.txt 2013-09-29 15:03:34 UTC (rev 23821)
@@ -75,8 +75,6 @@
--
policykit-1
--
-proftpd-dfsg
---
quagga
--
qt4-x11/oldstable
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23820 - data/CVE
Author: fgeek-guest Date: 2013-09-29 08:46:23 + (Sun, 29 Sep 2013) New Revision: 23820 Modified: data/CVE/list Log: NFU CVE-2013-5916 Modified: data/CVE/list === --- data/CVE/list 2013-09-29 08:21:41 UTC (rev 23819) +++ data/CVE/list 2013-09-29 08:46:23 UTC (rev 23820) @@ -56,6 +56,7 @@ NOT-FOR-US: NOSpam PTIa plugin for Wordpress CVE-2013-5916 RESERVED + NOT-FOR-US: WordPress plugin wp-e-commerce CVE-2013-5915 RESERVED CVE-2013-5914 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23819 - data/CVE
Author: fgeek-guest Date: 2013-09-29 08:21:41 + (Sun, 29 Sep 2013) New Revision: 23819 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2013-09-29 06:06:33 UTC (rev 23818) +++ data/CVE/list 2013-09-29 08:21:41 UTC (rev 23819) @@ -1,3 +1,5 @@ +CVE-2013-5959 + NOT-FOR-US: Blue Coat ProxySG CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...) - graphite-web 0.9.12+debian-1 CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, ...) @@ -1017,6 +1019,7 @@ RESERVED CVE-2013-5498 RESERVED + NOT-FOR-US: Cisco IOS XR CVE-2013-5497 (The authentication manager process in the web framework in Cisco ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote ...) @@ -1207,6 +1210,7 @@ RESERVED CVE-2013-5403 RESERVED + NOT-FOR-US: IBM WebSphere CVE-2013-5402 RESERVED CVE-2013-5401 @@ -1695,8 +1699,10 @@ RESERVED CVE-2013-5161 RESERVED + NOT-FOR-US: Apple iOS CVE-2013-5160 RESERVED + NOT-FOR-US: Apple iOS CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the ...) NOT-FOR-US: Apple iOS CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly restrict ...) @@ -13982,6 +13988,7 @@ NOT-FOR-US: IBM CVE-2013-0598 RESERVED + NOT-FOR-US: IBM Rational ClearQuest CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative console ...) @@ -28875,6 +28882,7 @@ NOT-FOR-US: Cisco IOS CVE-2012-1313 RESERVED + NOT-FOR-US: Cisco Unified Computing System CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...) NOT-FOR-US: Cisco IOS CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
