[Secure-testing-commits] r23934 - data/CVE
Author: carnil Date: 2013-10-10 06:05:57 + (Thu, 10 Oct 2013) New Revision: 23934 Modified: data/CVE/list Log: Add bug reference for CVE-2013-4397/libtar Modified: data/CVE/list === --- data/CVE/list 2013-10-10 05:44:11 UTC (rev 23933) +++ data/CVE/list 2013-10-10 06:05:57 UTC (rev 23934) @@ -3506,7 +3506,7 @@ RESERVED CVE-2013-4397 [Integer overflow] RESERVED - - libtar + - libtar (bug #725938) CVE-2013-4396 [Use after free in Xserver handling of ImageText requests] RESERVED - xorg-server 2:1.14.3-4 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23933 - data/CVE
Author: carnil Date: 2013-10-10 05:44:11 + (Thu, 10 Oct 2013) New Revision: 23933 Modified: data/CVE/list Log: Add libtar issue (CVE-2013-4397) Modified: data/CVE/list === --- data/CVE/list 2013-10-09 21:14:23 UTC (rev 23932) +++ data/CVE/list 2013-10-10 05:44:11 UTC (rev 23933) @@ -3504,8 +3504,9 @@ NOTE: fixed in 1.1.3 (not yet in unstable) CVE-2013-4398 RESERVED -CVE-2013-4397 +CVE-2013-4397 [Integer overflow] RESERVED + - libtar CVE-2013-4396 [Use after free in Xserver handling of ImageText requests] RESERVED - xorg-server 2:1.14.3-4
[Secure-testing-commits] r23932 - data/CVE
Author: joeyh Date: 2013-10-09 21:14:23 + (Wed, 09 Oct 2013) New Revision: 23932 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-10-09 20:39:46 UTC (rev 23931) +++ data/CVE/list 2013-10-09 21:14:23 UTC (rev 23932) @@ -3771,6 +3771,7 @@ - typo3 (All versions from 6.0.0 up to the development branch of 6.2) CVE-2013-4319 [Torque privilege escalation] RESERVED + {DSA-2770-1} - torque (bug #722306) NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html CVE-2013-4318 @@ -3972,12 +3973,15 @@ NOTE: upstream commit: https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0 CVE-2013-4258 [Format string] RESERVED + {DSA-2771-1} - nas 1.9.3-6 (bug #720287) CVE-2013-4257 [Heap Overflow] RESERVED + {DSA-2771-1} - nas 1.9.3-6 (bug #720287) CVE-2013-4256 [Buffer Overflows] RESERVED + {DSA-2771-1} - nas 1.9.3-6 (bug #720287) CVE-2013-4255 [condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED] RESERVED
[Secure-testing-commits] r23931 - data/CVE
Author: carnil Date: 2013-10-09 20:39:46 + (Wed, 09 Oct 2013) New Revision: 23931 Modified: data/CVE/list Log: Add bugnumber for CVE-2013-4412/slim Modified: data/CVE/list === --- data/CVE/list 2013-10-09 20:29:38 UTC (rev 23930) +++ data/CVE/list 2013-10-09 20:39:46 UTC (rev 23931) @@ -3463,7 +3463,7 @@ NOT-FOR-US: Wicked Ruby Gem CVE-2013-4412 [NULL ptr dereference] RESERVED - - slim + - slim (bug #725902) [wheezy] - slim (Only exploitable with eglibc 2.17 and later) [squeeze] - slim (Only exploitable with eglibc 2.17 and later) NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
[Secure-testing-commits] r23930 - data/CVE
Author: carnil Date: 2013-10-09 20:29:38 + (Wed, 09 Oct 2013) New Revision: 23930 Modified: data/CVE/list Log: Add CVE-2013-4412/slim Modified: data/CVE/list === --- data/CVE/list 2013-10-09 20:18:45 UTC (rev 23929) +++ data/CVE/list 2013-10-09 20:29:38 UTC (rev 23930) @@ -3461,8 +3461,12 @@ CVE-2013-4413 [arbitrary files read] RESERVED NOT-FOR-US: Wicked Ruby Gem -CVE-2013-4412 +CVE-2013-4412 [NULL ptr dereference] RESERVED + - slim + [wheezy] - slim (Only exploitable with eglibc 2.17 and later) + [squeeze] - slim (Only exploitable with eglibc 2.17 and later) + NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f CVE-2013-4411 RESERVED CVE-2013-4410
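Review bot: the two suite lines added under CVE-2013-4412 ("[wheezy] - slim (...)" and "[squeeze] - slim (...)") carry only a parenthetical and no version or status tag, so they read the same as the unfixed "- slim" line above them. If the intent is that the NULL pointer dereference cannot be triggered in these suites, record that with the tracker's not-affected tag and keep the eglibc 2.17 explanation in the parentheses. Separately, the commit id in the NOTE URL is 39 hex digits, one short of a full SHA-1; check that the link resolves and paste the full id if it was cut off.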
[Secure-testing-commits] r23929 - data/CVE
Author: carnil Date: 2013-10-09 20:18:45 + (Wed, 09 Oct 2013) New Revision: 23929 Modified: data/CVE/list Log: Add NFU, CVE-2013-4413 Modified: data/CVE/list === --- data/CVE/list 2013-10-09 15:59:13 UTC (rev 23928) +++ data/CVE/list 2013-10-09 20:18:45 UTC (rev 23929) @@ -3458,8 +3458,9 @@ RESERVED CVE-2013-4414 RESERVED -CVE-2013-4413 +CVE-2013-4413 [arbitrary files read] RESERVED + NOT-FOR-US: Wicked Ruby Gem CVE-2013-4412 RESERVED CVE-2013-4411
[Secure-testing-commits] r23928 - in data: . DSA
Author: jmm Date: 2013-10-09 15:59:13 + (Wed, 09 Oct 2013) New Revision: 23928 Modified: data/DSA/list data/dsa-needed.txt Log: nas DSA Modified: data/DSA/list === --- data/DSA/list 2013-10-09 15:53:01 UTC (rev 23927) +++ data/DSA/list 2013-10-09 15:59:13 UTC (rev 23928) @@ -1,3 +1,7 @@ +[09 Oct 2013] DSA-2771-1 nas - several + {CVE-2013-4256 CVE-2013-4257 CVE-2013-4258} + [squeeze] - nas 1.9.2-4squeeze1 + [wheezy] - nas 1.9.3-5wheezy1 [09 Oct 2013] DSA-2770-1 torque - authentication bypass {CVE-2013-4319} [squeeze] - torque 2.4.8+dfsg-9squeeze2 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-09 15:53:01 UTC (rev 23927) +++ data/dsa-needed.txt 2013-10-09 15:59:13 UTC (rev 23928) @@ -61,8 +61,6 @@ -- mysql-5.5/stable (carnil) -- -nas (jmm) --- openjpeg patches are not yet avaialble --
[Secure-testing-commits] r23927 - in data: . CVE
Author: jmm Date: 2013-10-09 15:53:01 + (Wed, 09 Oct 2013) New Revision: 23927 Modified: data/CVE/list data/dsa-needed.txt Log: ffmpeg update take drupal6 Modified: data/CVE/list === --- data/CVE/list 2013-10-09 15:01:10 UTC (rev 23926) +++ data/CVE/list 2013-10-09 15:53:01 UTC (rev 23927) @@ -13097,7 +13097,7 @@ CVE-2013-0867 [libavcodec/h264.c out of array accesses] RESERVED - ffmpeg - - libav + - libav (Code in libav is different/not affect as per libav h264 maintainer) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae CVE-2013-0866 [libavcodec/aacdec.c out of array accesses] RESERVED Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-09 15:01:10 UTC (rev 23926) +++ data/dsa-needed.txt 2013-10-09 15:53:01 UTC (rev 23927) @@ -17,7 +17,7 @@ -- chromium-browser -- -drupal6/oldstable +drupal6/oldstable (jmm) -- eglibc --
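Review bot: on the "- libav" line in the CVE-2013-0867 hunk, the new parenthetical says libav is not affected, but the line still has no version or status tag, so the entry continues to read as unfixed for libav. Mark it with the tracker's not-affected tag, correct "not affect" to "not affected", and add a NOTE pointing to where the libav h264 maintainer said this so the claim can be checked later. The drupal6 claim in data/dsa-needed.txt is unrelated to the ffmpeg entry and would be easier to trace as its own commit.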
[Secure-testing-commits] r23926 - data/CVE
Author: carnil Date: 2013-10-09 15:01:10 + (Wed, 09 Oct 2013) New Revision: 23926 Modified: data/CVE/list Log: CVE-2013-2651, NFU Modified: data/CVE/list === --- data/CVE/list 2013-10-09 14:59:53 UTC (rev 23925) +++ data/CVE/list 2013-10-09 15:01:10 UTC (rev 23926) @@ -7833,6 +7833,7 @@ RESERVED CVE-2013-2651 RESERVED + NOT-FOR-US: Boltwire CVE-2013-2650 RESERVED CVE-2013-2649
[Secure-testing-commits] r23925 - data/CVE
Author: carnil Date: 2013-10-09 14:59:53 + (Wed, 09 Oct 2013) New Revision: 23925 Modified: data/CVE/list Log: Add three NFUs in Uebimiau Webmail Modified: data/CVE/list === --- data/CVE/list 2013-10-09 14:53:40 UTC (rev 23924) +++ data/CVE/list 2013-10-09 14:59:53 UTC (rev 23925) @@ -7898,10 +7898,13 @@ RESERVED CVE-2013-2623 RESERVED + NOT-FOR-US: Uebimiau Webmail CVE-2013-2622 RESERVED + NOT-FOR-US: Uebimiau Webmail CVE-2013-2621 RESERVED + NOT-FOR-US: Uebimiau Webmail CVE-2013-2620 RESERVED CVE-2013-2619
[Secure-testing-commits] r23924 - data/CVE
Author: carnil Date: 2013-10-09 14:53:40 + (Wed, 09 Oct 2013) New Revision: 23924 Modified: data/CVE/list Log: Add NFU Modified: data/CVE/list === --- data/CVE/list 2013-10-09 14:16:20 UTC (rev 23923) +++ data/CVE/list 2013-10-09 14:53:40 UTC (rev 23924) @@ -491,6 +491,7 @@ RESERVED CVE-2013-5744 RESERVED + NOT-FOR-US: Feng Office CVE-2013-5743 RESERVED - zabbix 1:2.0.8+dfsg-2
[Secure-testing-commits] r23923 - in data: . DSA
Author: carnil Date: 2013-10-09 14:16:20 + (Wed, 09 Oct 2013) New Revision: 23923 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for torque DSA Modified: data/DSA/list === --- data/DSA/list 2013-10-09 13:35:08 UTC (rev 23922) +++ data/DSA/list 2013-10-09 14:16:20 UTC (rev 23923) @@ -1,3 +1,7 @@ +[09 Oct 2013] DSA-2770-1 torque - authentication bypass + {CVE-2013-4319} + [squeeze] - torque 2.4.8+dfsg-9squeeze2 + [wheezy] - torque 2.4.16+dfsg-1+deb7u1 [08 Oct 2013] DSA-2769-1 kfreebsd-9 - several {CVE-2013-5691 CVE-2013-5710} [wheezy] - kfreebsd-9 9.0-10+deb70.4 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-09 13:35:08 UTC (rev 23922) +++ data/dsa-needed.txt 2013-10-09 14:16:20 UTC (rev 23923) @@ -95,8 +95,6 @@ -- tomcat7/stable (jmm) -- -torque (carnil) --- vlc it probably makes sense to update to the 2.0.x point releases --
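Review bot: the new DSA-2770-1 line in data/DSA/list describes the torque issue as "authentication bypass", while the CVE-2013-4319 entry in data/CVE/list (visible in the r23932 diff) is titled "[Torque privilege escalation]". Use one description in both files, or note in the CVE entry how the bypass leads to escalation, so that someone triaging from either list reaches the same severity call.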
[Secure-testing-commits] r23922 - data/CVE
Author: fgeek-guest Date: 2013-10-09 13:35:08 + (Wed, 09 Oct 2013) New Revision: 23922 Modified: data/CVE/list Log: NFU HPSBGN02929, HPSBGN02930 Modified: data/CVE/list === --- data/CVE/list 2013-10-09 11:49:42 UTC (rev 23921) +++ data/CVE/list 2013-10-09 13:35:08 UTC (rev 23922) @@ -2543,16 +2543,22 @@ NOT-FOR-US: HP CVE-2013-4827 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4826 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4825 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4824 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4823 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4822 RESERVED + NOT-FOR-US: HP Intelligent Management Center CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) NOT-FOR-US: HP System Management Homepage CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall ...)
[Secure-testing-commits] r23921 - data/CVE
Author: carnil Date: 2013-10-09 11:49:42 + (Wed, 09 Oct 2013) New Revision: 23921 Modified: data/CVE/list Log: Add NFU for Apache Sling Modified: data/CVE/list === --- data/CVE/list 2013-10-09 06:03:11 UTC (rev 23920) +++ data/CVE/list 2013-10-09 11:49:42 UTC (rev 23921) @@ -8931,6 +8931,7 @@ TODO: check if complete and possibly report to BTS, sec announcement from upstream in preparation CVE-2013-2254 RESERVED + NOT-FOR-US: Apache Sling CVE-2013-2253 RESERVED CVE-2013-2252 @@ -27022,7 +27023,6 @@ - ruby-mail 2.4.4-1 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...) NOT-FOR-US: Apache Sling - NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the ...) - linux 3.2.20-1 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...)
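Review bot: the second hunk (@@ -27022,7 +27023,6 @@) deletes the NOTE line carrying the full-disclosure URL from CVE-2012-2138, and the log message "Add NFU for Apache Sling" says nothing about it. If the removal is deliberate, say why in the log; otherwise keep the reference, since it is the only pointer to the original report on that entry and the NOT-FOR-US line alone does not show how the classification was reached.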