[Secure-testing-commits] r23934 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-10 06:05:57 + (Thu, 10 Oct 2013)
New Revision: 23934

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2013-4397/libtar

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-10 05:44:11 UTC (rev 23933)
+++ data/CVE/list   2013-10-10 06:05:57 UTC (rev 23934)
@@ -3506,7 +3506,7 @@
RESERVED
 CVE-2013-4397 [Integer overflow]
RESERVED
-   - libtar 
+   - libtar  (bug #725938)
 CVE-2013-4396 [Use after free in Xserver handling of ImageText requests]
RESERVED
- xorg-server 2:1.14.3-4


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r23933 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-10 05:44:11 + (Thu, 10 Oct 2013)
New Revision: 23933

Modified:
   data/CVE/list
Log:
Add libtar issue (CVE-2013-4397)

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 21:14:23 UTC (rev 23932)
+++ data/CVE/list   2013-10-10 05:44:11 UTC (rev 23933)
@@ -3504,8 +3504,9 @@
NOTE: fixed in 1.1.3 (not yet in unstable)
 CVE-2013-4398
RESERVED
-CVE-2013-4397
+CVE-2013-4397 [Integer overflow]
RESERVED
+   - libtar 
 CVE-2013-4396 [Use after free in Xserver handling of ImageText requests]
RESERVED
- xorg-server 2:1.14.3-4
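Review bot: the added `- libtar` line under CVE-2013-4397 carries no bug number and no NOTE pointing at the report or an upstream fix, so the "[Integer overflow]" description cannot be traced from this entry. Suggest adding the BTS reference or a NOTE with the source in the same commit that adds the description.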




[Secure-testing-commits] r23932 - data/CVE

2013-10-09 Thread Joey Hess
Author: joeyh
Date: 2013-10-09 21:14:23 + (Wed, 09 Oct 2013)
New Revision: 23932

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 20:39:46 UTC (rev 23931)
+++ data/CVE/list   2013-10-09 21:14:23 UTC (rev 23932)
@@ -3771,6 +3771,7 @@
- typo3  (All versions from 6.0.0 up to the development 
branch of 6.2)
 CVE-2013-4319 [Torque privilege escalation]
RESERVED
+   {DSA-2770-1}
- torque  (bug #722306)
NOTE: 
http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
 CVE-2013-4318
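Review bot: the description on CVE-2013-4319 reads "[Torque privilege escalation]", while the DSA-2770-1 entry in data/DSA/list describes the same issue as "torque - authentication bypass". With the `{DSA-2770-1}` cross-reference now on this entry, the two descriptions should be aligned so that a search on either term finds the issue.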
@@ -3972,12 +3973,15 @@
NOTE: upstream commit: 
https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
 CVE-2013-4258 [Format string]
RESERVED
+   {DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
 CVE-2013-4257 [Heap Overflow]
RESERVED
+   {DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
 CVE-2013-4256 [Buffer Overflows]
RESERVED
+   {DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
 CVE-2013-4255 [condor_startd DoS when parsing policy definition that evaluates 
to ERROR or UNDEFINED]
RESERVED




[Secure-testing-commits] r23931 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 20:39:46 + (Wed, 09 Oct 2013)
New Revision: 23931

Modified:
   data/CVE/list
Log:
Add bugnumber for CVE-2013-4412/slim

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 20:29:38 UTC (rev 23930)
+++ data/CVE/list   2013-10-09 20:39:46 UTC (rev 23931)
@@ -3463,7 +3463,7 @@
NOT-FOR-US: Wicked Ruby Gem
 CVE-2013-4412 [NULL ptr dereference]
RESERVED
-   - slim 
+   - slim  (bug #725902)
[wheezy] - slim  (Only exploitable with eglibc 2.17 and 
later)
[squeeze] - slim  (Only exploitable with eglibc 2.17 and 
later)
NOTE: Upstream fix: 
http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f




[Secure-testing-commits] r23930 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 20:29:38 + (Wed, 09 Oct 2013)
New Revision: 23930

Modified:
   data/CVE/list
Log:
Add CVE-2013-4412/slim

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 20:18:45 UTC (rev 23929)
+++ data/CVE/list   2013-10-09 20:29:38 UTC (rev 23930)
@@ -3461,8 +3461,12 @@
 CVE-2013-4413 [arbitrary files read]
RESERVED
NOT-FOR-US: Wicked Ruby Gem
-CVE-2013-4412
+CVE-2013-4412 [NULL ptr dereference]
RESERVED
+   - slim 
+   [wheezy] - slim  (Only exploitable with eglibc 2.17 and 
later)
+   [squeeze] - slim  (Only exploitable with eglibc 2.17 and 
later)
+   NOTE: Upstream fix: 
http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
 CVE-2013-4411
RESERVED
 CVE-2013-4410
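Review bot: the `[wheezy]` and `[squeeze]` lines for slim rest on "Only exploitable with eglibc 2.17 and later", but the entry gives no source for that condition; the only NOTE is the upstream fix commit. Suggest a second NOTE linking the analysis behind the eglibc claim. The `- slim` line also has no bug reference yet.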




[Secure-testing-commits] r23929 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 20:18:45 + (Wed, 09 Oct 2013)
New Revision: 23929

Modified:
   data/CVE/list
Log:
Add NFU, CVE-2013-4413

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 15:59:13 UTC (rev 23928)
+++ data/CVE/list   2013-10-09 20:18:45 UTC (rev 23929)
@@ -3458,8 +3458,9 @@
RESERVED
 CVE-2013-4414
RESERVED
-CVE-2013-4413
+CVE-2013-4413 [arbitrary files read]
RESERVED
+   NOT-FOR-US: Wicked Ruby Gem
 CVE-2013-4412
RESERVED
 CVE-2013-4411




[Secure-testing-commits] r23928 - in data: . DSA

2013-10-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2013-10-09 15:59:13 + (Wed, 09 Oct 2013)
New Revision: 23928

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
nas DSA


Modified: data/DSA/list
===
--- data/DSA/list   2013-10-09 15:53:01 UTC (rev 23927)
+++ data/DSA/list   2013-10-09 15:59:13 UTC (rev 23928)
@@ -1,3 +1,7 @@
+[09 Oct 2013] DSA-2771-1 nas - several
+   {CVE-2013-4256 CVE-2013-4257 CVE-2013-4258}
+   [squeeze] - nas 1.9.2-4squeeze1
+   [wheezy] - nas 1.9.3-5wheezy1
 [09 Oct 2013] DSA-2770-1 torque - authentication bypass
{CVE-2013-4319}
[squeeze] - torque 2.4.8+dfsg-9squeeze2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-09 15:53:01 UTC (rev 23927)
+++ data/dsa-needed.txt 2013-10-09 15:59:13 UTC (rev 23928)
@@ -61,8 +61,6 @@
 --
 mysql-5.5/stable (carnil)
 --
-nas (jmm)
---
 openjpeg
  patches are not yet avaialble
 --
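Review bot: not part of this change, but the openjpeg remark in the trailing context reads "patches are not yet avaialble"; worth correcting to "available" in a follow-up commit.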




[Secure-testing-commits] r23927 - in data: . CVE

2013-10-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2013-10-09 15:53:01 + (Wed, 09 Oct 2013)
New Revision: 23927

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
ffmpeg update
take drupal6


Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 15:01:10 UTC (rev 23926)
+++ data/CVE/list   2013-10-09 15:53:01 UTC (rev 23927)
@@ -13097,7 +13097,7 @@
 CVE-2013-0867 [libavcodec/h264.c out of array accesses]
RESERVED
- ffmpeg 
-   - libav 
+   - libav  (Code in libav is different/not affect as per 
libav h264 maintainer)
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
 CVE-2013-0866 [libavcodec/aacdec.c out of array accesses]
RESERVED
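Review bot: the new remark on the `- libav` line, "Code in libav is different/not affect as per libav h264 maintainer", should read "not affected", and it cites the maintainer without a link. Suggest adding a NOTE with the mail or bug where that statement was made, so the claim for CVE-2013-0867 can be checked later.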

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-09 15:01:10 UTC (rev 23926)
+++ data/dsa-needed.txt 2013-10-09 15:53:01 UTC (rev 23927)
@@ -17,7 +17,7 @@
 --
 chromium-browser
 --
-drupal6/oldstable
+drupal6/oldstable (jmm)
 --
 eglibc
 --




[Secure-testing-commits] r23926 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 15:01:10 + (Wed, 09 Oct 2013)
New Revision: 23926

Modified:
   data/CVE/list
Log:
CVE-2013-2651, NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 14:59:53 UTC (rev 23925)
+++ data/CVE/list   2013-10-09 15:01:10 UTC (rev 23926)
@@ -7833,6 +7833,7 @@
RESERVED
 CVE-2013-2651
RESERVED
+   NOT-FOR-US: Boltwire
 CVE-2013-2650
RESERVED
 CVE-2013-2649




[Secure-testing-commits] r23925 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 14:59:53 + (Wed, 09 Oct 2013)
New Revision: 23925

Modified:
   data/CVE/list
Log:
Add three NFUs in Uebimiau Webmail

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 14:53:40 UTC (rev 23924)
+++ data/CVE/list   2013-10-09 14:59:53 UTC (rev 23925)
@@ -7898,10 +7898,13 @@
RESERVED
 CVE-2013-2623
RESERVED
+   NOT-FOR-US: Uebimiau Webmail
 CVE-2013-2622
RESERVED
+   NOT-FOR-US: Uebimiau Webmail
 CVE-2013-2621
RESERVED
+   NOT-FOR-US: Uebimiau Webmail
 CVE-2013-2620
RESERVED
 CVE-2013-2619




[Secure-testing-commits] r23924 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 14:53:40 + (Wed, 09 Oct 2013)
New Revision: 23924

Modified:
   data/CVE/list
Log:
Add NFU

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 14:16:20 UTC (rev 23923)
+++ data/CVE/list   2013-10-09 14:53:40 UTC (rev 23924)
@@ -491,6 +491,7 @@
RESERVED
 CVE-2013-5744
RESERVED
+   NOT-FOR-US: Feng Office
 CVE-2013-5743
RESERVED
- zabbix 1:2.0.8+dfsg-2




[Secure-testing-commits] r23923 - in data: . DSA

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 14:16:20 + (Wed, 09 Oct 2013)
New Revision: 23923

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for torque DSA

Modified: data/DSA/list
===
--- data/DSA/list   2013-10-09 13:35:08 UTC (rev 23922)
+++ data/DSA/list   2013-10-09 14:16:20 UTC (rev 23923)
@@ -1,3 +1,7 @@
+[09 Oct 2013] DSA-2770-1 torque - authentication bypass
+   {CVE-2013-4319}
+   [squeeze] - torque 2.4.8+dfsg-9squeeze2
+   [wheezy] - torque 2.4.16+dfsg-1+deb7u1
 [08 Oct 2013] DSA-2769-1 kfreebsd-9 - several
{CVE-2013-5691 CVE-2013-5710}
[wheezy] - kfreebsd-9 9.0-10+deb70.4

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-09 13:35:08 UTC (rev 23922)
+++ data/dsa-needed.txt 2013-10-09 14:16:20 UTC (rev 23923)
@@ -95,8 +95,6 @@
 --
 tomcat7/stable (jmm)
 --
-torque (carnil)
---
 vlc
   it probably makes sense to update to the 2.0.x point releases
 --




[Secure-testing-commits] r23922 - data/CVE

2013-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-09 13:35:08 + (Wed, 09 Oct 2013)
New Revision: 23922

Modified:
   data/CVE/list
Log:
NFU HPSBGN02929, HPSBGN02930

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 11:49:42 UTC (rev 23921)
+++ data/CVE/list   2013-10-09 13:35:08 UTC (rev 23922)
@@ -2543,16 +2543,22 @@
NOT-FOR-US: HP
 CVE-2013-4827
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4826
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4825
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4824
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4823
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4822
RESERVED
+   NOT-FOR-US: HP Intelligent Management Center
 CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage 
(SMH) ...)
NOT-FOR-US: HP System Management Homepage
 CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, 
IceWall ...)
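Review bot: the log names two bulletins, HPSBGN02929 and HPSBGN02930, but the six added `NOT-FOR-US: HP Intelligent Management Center` lines (CVE-2013-4822 through CVE-2013-4827) do not record which bulletin covers which CVE. Since these entries are still RESERVED and carry no description, the mapping exists only in the commit log; consider stating it per CVE in the log message or in a NOTE.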




[Secure-testing-commits] r23921 - data/CVE

2013-10-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-09 11:49:42 + (Wed, 09 Oct 2013)
New Revision: 23921

Modified:
   data/CVE/list
Log:
Add NFU for Apache Sling

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-09 06:03:11 UTC (rev 23920)
+++ data/CVE/list   2013-10-09 11:49:42 UTC (rev 23921)
@@ -8931,6 +8931,7 @@
TODO: check if complete and possibly report to BTS, sec announcement 
from upstream in preparation
 CVE-2013-2254
RESERVED
+   NOT-FOR-US: Apache Sling
 CVE-2013-2253
RESERVED
 CVE-2013-2252
@@ -27022,7 +27023,6 @@
- ruby-mail 2.4.4-1
 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
NOT-FOR-US: Apache Sling
-   NOTE: 
http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html
 CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in 
the ...)
- linux 3.2.20-1
 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the 
Linux ...)
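Review bot: the second hunk removes the NOTE under CVE-2012-2138 that linked the full-disclosure post, which the log message "Add NFU for Apache Sling" does not mention. If the removal is intentional, say so in the log; otherwise keep the NOTE, since it is the only reference shown on that entry.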

