[Secure-testing-commits] r31899 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-02 08:37:31 + (Mon, 02 Feb 2015)
New Revision: 31899

Modified:
   data/CVE/list
Log:
one php issue n/a for squeeze


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 07:47:38 UTC (rev 31898)
+++ data/CVE/list   2015-02-02 08:37:31 UTC (rev 31899)
@@ -5051,6 +5051,7 @@
NOTE: https://bugs.php.net/bug.php?id=68799
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data 
function in ...)
- php5 5.6.5+dfsg-1
+   [squeeze] - php5  (Broken patch for CVE-2014-8142 never 
applied)
NOTE: https://bugs.php.net/bug.php?id=68710
NOTE: Upstream fix: 
https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
NOTE: in unstable actually incomplete fix was not yet applied, so n/a 
but wheezy is
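
Review bot: the added `[squeeze]` line under CVE-2015-0231 and the trailing NOTE ("in unstable actually incomplete fix was not yet applied, so n/a but wheezy is") now describe the same situation in two places, and the NOTE is hard to parse. Suggest rewording the NOTE to say plainly which suites carried the incomplete CVE-2014-8142 fix, so it reads consistently with the reason given on the squeeze line.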


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r31900 - data/CVE

2015-02-02 Thread Paul Wise
Author: pabs
Date: 2015-02-02 09:12:53 + (Mon, 02 Feb 2015)
New Revision: 31900

Modified:
   data/CVE/list
Log:
CVE-2014-6185: NFU: IBM

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 08:37:31 UTC (rev 31899)
+++ data/CVE/list   2015-02-02 09:12:53 UTC (rev 31900)
@@ -12529,8 +12529,10 @@
NOT-FOR-US: IBM
 CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x 
before ...)
NOT-FOR-US: IBM
-CVE-2014-6185
+CVE-2014-6185 [Tivoli Storage Manager Arbitrary DSO Load Elevation of 
Privileges]
RESERVED
+   NOT-FOR-US: IBM
+   NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
 CVE-2014-6184
RESERVED
 CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 
before ...)




[Secure-testing-commits] r31901 - in data: . DSA

2015-02-02 Thread Sebastien Delafond
Author: seb
Date: 2015-02-02 09:21:51 + (Mon, 02 Feb 2015)
New Revision: 31901

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA-3149-1 for CVE-2014-8126 (condor)

Modified: data/DSA/list
===
--- data/DSA/list   2015-02-02 09:12:53 UTC (rev 31900)
+++ data/DSA/list   2015-02-02 09:21:51 UTC (rev 31901)
@@ -1,3 +1,5 @@
+[02 Feb 2015] DSA-3149-1 condor - security update
+   [wheezy] - condor 7.8.2~dfsg.1-1+deb7u3
 [31 Jan 2015] DSA-3148-1 chromium-browser - end of life
[wheezy] - chromium-browser 
 [30 Jan 2015] DSA-3147-1 openjdk-6 - security update
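
Review bot: the new DSA-3149-1 entry has no CVE list between its header and the `[wheezy]` line, although the log message reserves the DSA for CVE-2014-8126. Without that reference the advisory is not tied to the CVE it fixes; add a `{CVE-2014-8126}` line directly under the DSA header.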

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-02 09:12:53 UTC (rev 31900)
+++ data/dsa-needed.txt 2015-02-02 09:21:51 UTC (rev 31901)
@@ -14,8 +14,6 @@
 --
 asterisk
 --
-condor (seb)
---
 imagemagick
   no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
   should be fixed along




[Secure-testing-commits] r31902 - data/CVE

2015-02-02 Thread Thijs Kinkhorst
Author: thijs
Date: 2015-02-02 10:25:45 + (Mon, 02 Feb 2015)
New Revision: 31902

Modified:
   data/CVE/list
Log:
moodle fixed in sid


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 09:21:51 UTC (rev 31901)
+++ data/CVE/list   2015-02-02 10:25:45 UTC (rev 31902)
@@ -4998,8 +4998,8 @@
RESERVED
 CVE-2015-0247
RESERVED
-CVE-2015-0246
-   RESERVED
+CVE-2015-0246 [MSA-15-0009]
+   - moodle 2.7.5+dfsg-1
 CVE-2015-0245
RESERVED
 CVE-2015-0244
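
Review bot: the `RESERVED` line under CVE-2015-0246 is deleted by hand while the moodle version is added, and the new entry carries no bug number or `[squeeze]` line. The automatic update in r31916 puts `RESERVED` back under this same entry, so leave that line in place and add `- moodle 2.7.5+dfsg-1` beneath it; if squeeze is handled here as in the other moodle entries, state that on its own `[squeeze]` line.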




[Secure-testing-commits] r31903 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-02 11:23:14 + (Mon, 02 Feb 2015)
New Revision: 31903

Modified:
   data/CVE/list
Log:
archmage fixed


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 10:25:45 UTC (rev 31902)
+++ data/CVE/list   2015-02-02 11:23:14 UTC (rev 31903)
@@ -44,7 +44,7 @@
NOTE: https://github.com/chjj/marked/issues/497
NOTE: libv8 is not covered by security support
 CVE-2015- [directory traversal]
-   - archmage  (bug #776164)
+   - archmage 1:0.2.4-4 (bug #776164)
 CVE-2015-1419 (Unspecified vulnerability in vsftp 3.0.2 and earlier allows 
remote ...)
- vsftpd 
 CVE-2015-1418




[Secure-testing-commits] r31904 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-02 11:39:07 + (Mon, 02 Feb 2015)
New Revision: 31904

Modified:
   data/CVE/list
Log:
moodle fixed


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 11:23:14 UTC (rev 31903)
+++ data/CVE/list   2015-02-02 11:39:07 UTC (rev 31904)
@@ -8634,19 +8634,19 @@
 CVE-2014-7849
RESERVED
 CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 
2.7.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287
 CVE-2014-7847 (iplookup/index.php in Moodle through 2.4.11, 2.5.x before 
2.5.9, 2.6.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
 CVE-2014-7846 (tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 
2.5.9, ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
 CVE-2014-7845 (The generate_password function in Moodle through 2.4.11, 2.5.x 
before ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
 CVE-2014-7844
@@ -8683,39 +8683,31 @@
- resteasy 3.0.6-2 (bug #770544)
NOTE: https://issues.jboss.org/browse/RESTEASY-1130
 CVE-2014-7838 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
-   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019
-CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 
2.5.9, 2.6.x ...)
-   - moodle  (bug #775842)
-   [squeeze] - moodle  (Unsupported in squeeze-lts)
-   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
-CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the LTI ...)
-   - moodle  (bug #775842)
-   [squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
 CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x 
before ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868
 CVE-2014-7834 (mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 
2.7.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303
 CVE-2014-7833 (mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 
2.6.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697
 CVE-2014-7832 (mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 
2.5.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
 CVE-2014-7831 (lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 
does not ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47766
 CVE-2014-7830 (Cross-site scripting (XSS) vulnerability in 
mod/feedback/mapcourse.php ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
 CVE-2014-7829 (Directory traversal vulnerability in ...)
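
Review bot: the CVE-2014-7837 and CVE-2014-7836 entries are deleted outright in the second hunk, together with the MDL-48019 NOTE under CVE-2014-7838, which looks unintended given that the log only says "moodle fixed". After the change CVE-2014-7838 is left carrying the MDL-47924 reference that belonged to CVE-2014-7836. Restore both entries and the MDL-48019 NOTE, and give the restored entries the same `- moodle 2.7.5+dfsg-1 (bug #775842)` line as the others.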




[Secure-testing-commits] r31905 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-02 11:54:03 + (Mon, 02 Feb 2015)
New Revision: 31905

Modified:
   data/CVE/list
Log:
more moodle fixes


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 11:39:07 UTC (rev 31904)
+++ data/CVE/list   2015-02-02 11:54:03 UTC (rev 31905)
@@ -18990,7 +18990,7 @@
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
 CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
 CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -19000,35 +19000,35 @@
- moodle  (Only affects 2.7.x)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
 CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 
through ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
 CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
 CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 
2.6.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
 CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 
2.6.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
 CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in 
Moodle ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
 CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 
2.4.11, ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
 CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 
2.4.11, ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
 CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x 
before ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
 CVE-2014-3540




[Secure-testing-commits] r31906 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 15:08:30 + (Mon, 02 Feb 2015)
New Revision: 31906

Modified:
   data/CVE/list
Log:
Two CVEs for moodle seem to have been lost in last update, add back

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 11:54:03 UTC (rev 31905)
+++ data/CVE/list   2015-02-02 15:08:30 UTC (rev 31906)
@@ -8686,6 +8686,14 @@
- moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
+CVE-2014-7837
+   - moodle 2.7.5+dfsg-1 (bug #775842)
+   [squeeze] - moodle  (Unsupported in squeeze-lts)
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
+CVE-2014-7836
+   - moodle 2.7.5+dfsg-1 (bug #775842)
+   [squeeze] - moodle  (Unsupported in squeeze-lts)
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
 CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x 
before ...)
- moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
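
Review bot: the entry just above the insertion point still ends with the MDL-47924 NOTE in the context lines, the same reference that is restored here for CVE-2014-7836. r31904 removed an MDL-48019 NOTE at that position when it dropped the two entries, and this restore does not bring it back; check whether the context NOTE should be changed back to MDL-48019 as part of the same fix.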




[Secure-testing-commits] r31908 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 15:11:48 + (Mon, 02 Feb 2015)
New Revision: 31908

Modified:
   data/CVE/list
Log:
Cleanup trailing whitespaces

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 15:11:40 UTC (rev 31907)
+++ data/CVE/list   2015-02-02 15:11:48 UTC (rev 31908)
@@ -25,7 +25,7 @@
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
 CVE-2015-1430 [buffer overrun in acknowledge.c(gi)]
- xymon 4.3.17-5 (low; bug #776007)
-   [squeeze] - xymon  (Vulnerable code not present) 
+   [squeeze] - xymon  (Vulnerable code not present)
[wheezy] - xymon  (Vulnerable code not present)
NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/01/30/17




[Secure-testing-commits] r31907 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 15:11:40 + (Mon, 02 Feb 2015)
New Revision: 31907

Modified:
   data/CVE/list
Log:
Add temporary item for new glibc issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 15:08:30 UTC (rev 31906)
+++ data/CVE/list   2015-02-02 15:11:40 UTC (rev 31907)
@@ -1,3 +1,8 @@
+CVE-2015- [heap buffer overflow in glibc swscanf]
+   - glibc 
+   - eglibc 
+   NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/01/8
 CVE-2015- [Infinite loop in patch]
- patch 2.7.4-1 (bug #776271)
NOTE: Different from CVE-2014-9637




[Secure-testing-commits] r31909 - data

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 15:37:01 + (Mon, 02 Feb 2015)
New Revision: 31909

Modified:
   data/dsa-needed.txt
Log:
Add Alessandro for vlc DSA

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-02 15:11:48 UTC (rev 31908)
+++ data/dsa-needed.txt 2015-02-02 15:37:01 UTC (rev 31909)
@@ -76,6 +76,6 @@
 unzip (carnil)
   NOTE: for regression fix as well
 --
-vlc
+vlc (ghedo)
 --
 zendframework




[Secure-testing-commits] r31910 - in data: . DSA

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-02 16:19:29 + (Mon, 02 Feb 2015)
New Revision: 31910

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
vlc DSA


Modified: data/DSA/list
===
--- data/DSA/list   2015-02-02 15:37:01 UTC (rev 31909)
+++ data/DSA/list   2015-02-02 16:19:29 UTC (rev 31910)
@@ -1,3 +1,6 @@
+[02 Feb 2015] DSA-3150-1 vlc - security update
+   {CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630}
+   [wheezy] - vlc 2.0.3-5+deb7u2
 [02 Feb 2015] DSA-3149-1 condor - security update
[wheezy] - condor 7.8.2~dfsg.1-1+deb7u3
 [31 Jan 2015] DSA-3148-1 chromium-browser - end of life

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-02 15:37:01 UTC (rev 31909)
+++ data/dsa-needed.txt 2015-02-02 16:19:29 UTC (rev 31910)
@@ -76,6 +76,4 @@
 unzip (carnil)
   NOTE: for regression fix as well
 --
-vlc (ghedo)
---
 zendframework




[Secure-testing-commits] r31911 - data

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 16:21:43 + (Mon, 02 Feb 2015)
New Revision: 31911

Modified:
   data/dsa-needed.txt
Log:
Take python-django

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-02 16:19:29 UTC (rev 31910)
+++ data/dsa-needed.txt 2015-02-02 16:21:43 UTC (rev 31911)
@@ -50,7 +50,7 @@
 --
 phpmyadmin (thijs)
 --
-python-django
+python-django (carnil)
   NOTE: maintainer prepared an update, needs writing advisory and release 
package
 --
 ruby1.8




[Secure-testing-commits] r31912 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 16:27:16 + (Mon, 02 Feb 2015)
New Revision: 31912

Modified:
   data/CVE/list
Log:
CVE-2015-0222/python-django: mark squeeze as not-affected as well

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 16:21:43 UTC (rev 31911)
+++ data/CVE/list   2015-02-02 16:27:16 UTC (rev 31912)
@@ -5083,6 +5083,7 @@
 CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 
1.7.x ...)
- python-django 1.7.1-1.1 (bug #775375)
[wheezy] - python-django  (1.4.x not affected)
+   [squeeze] - python-django  (1.2.x not affected)
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
 CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 
1.6.x ...)
{DLA-143-1}




[Secure-testing-commits] r31913 - data/DLA

2015-02-02 Thread Thorsten Alteholz
Author: alteholz
Date: 2015-02-02 16:30:14 + (Mon, 02 Feb 2015)
New Revision: 31913

Modified:
   data/DLA/list
Log:
DLA-145-1 php5 regression update

Modified: data/DLA/list
===
--- data/DLA/list   2015-02-02 16:27:16 UTC (rev 31912)
+++ data/DLA/list   2015-02-02 16:30:14 UTC (rev 31913)
@@ -1,3 +1,5 @@
+[02 Feb 2015] DLA-145-2 php5 - regression update
+   [squeeze] - php5 5.3.3-7+squeeze25
 [31 Jan 2015] DLA-145-1 php5 - security update
{CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117}
[squeeze] - php5 5.3.3-7+squeeze24
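
Review bot: the log message names DLA-145-1, but the entry added at the top of the list is `DLA-145-2 php5 - regression update`, and DLA-145-1 is the existing security update directly below it. Confirm that -2 is the intended advisory number and make the log message match, so the revision can be found by the advisory it actually adds.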




[Secure-testing-commits] r31914 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 18:07:03 + (Mon, 02 Feb 2015)
New Revision: 31914

Modified:
   data/CVE/list
Log:
Add patch reference (patch used in SUSE) for #774669

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 16:30:14 UTC (rev 31913)
+++ data/CVE/list   2015-02-02 18:07:03 UTC (rev 31914)
@@ -2575,6 +2575,7 @@
- cpio  (low; bug #774669)
[wheezy] - cpio  (Minor issue)
[squeeze] - cpio  (Minor issue)
+   NOTE: Patch used in SUSE: 
https://bugzilla.suse.com/attachment.cgi?id=599460&action=diff
 CVE-2015- [CHM decompression: pointer arithmetic overflow]
- libmspack 0.4-3 (bug #774726)
 CVE-2015- [CHM decompression: division by zero]




[Secure-testing-commits] r31915 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 18:13:49 + (Mon, 02 Feb 2015)
New Revision: 31915

Modified:
   data/CVE/list
Log:
Add new (temporary) linux issue, CVE request pending

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 18:07:03 UTC (rev 31914)
+++ data/CVE/list   2015-02-02 18:13:49 UTC (rev 31915)
@@ -1,3 +1,8 @@
+CVE-2015- [net: DoS due to routing packets to too many different dsts/too 
fast]
+   - linux 
+   - linux-2.6 
+   NOTE: Upstream patch: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0
 (v3.19-rc7)
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/02/2
 CVE-2015- [heap buffer overflow in glibc swscanf]
- glibc 
- eglibc 




[Secure-testing-commits] r31916 - data/CVE

2015-02-02 Thread security tracker role
Author: sectracker
Date: 2015-02-02 21:10:18 + (Mon, 02 Feb 2015)
New Revision: 31916

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 18:13:49 UTC (rev 31915)
+++ data/CVE/list   2015-02-02 21:10:18 UTC (rev 31916)
@@ -984,26 +984,31 @@
NOT-FOR-US: Bogus entry for Privoxy picked from Secunia
 CVE-2014-9630 [Invalid memory access in rtp code]
RESERVED
+   {DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc  (Unsupported in squeeze-lts)
NOTE: 
https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
 CVE-2014-9629 [integer overflow with resultant buffer overflow]
RESERVED
+   {DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc  (Unsupported in squeeze-lts)
NOTE: 
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
 CVE-2014-9628 [attacker-triggered zero-size malloc with resultant buffer 
overflow]
RESERVED
+   {DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc  (Unsupported in squeeze-lts)
NOTE: 
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
 CVE-2014-9627 [integer truncation on 32-bit platforms]
RESERVED
+   {DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc  (Unsupported in squeeze-lts)
NOTE: 
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
 CVE-2014-9626 [integer underflow]
RESERVED
+   {DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc  (Unsupported in squeeze-lts)
NOTE: 
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
@@ -5010,6 +5015,7 @@
 CVE-2015-0247
RESERVED
 CVE-2015-0246 [MSA-15-0009]
+   RESERVED
- moodle 2.7.5+dfsg-1
 CVE-2015-0245
RESERVED
@@ -8698,11 +8704,11 @@
- moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
-CVE-2014-7837
+CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 
2.5.9, 2.6.x ...)
- moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
-CVE-2014-7836
+CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the LTI ...)
- moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924




[Secure-testing-commits] r31917 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 21:16:27 + (Mon, 02 Feb 2015)
New Revision: 31917

Modified:
   data/CVE/list
Log:
Some security-sensitive bugs in libmspack fixed in unstable upload, #775687, 
#775498, #774665, #775499

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 21:10:18 UTC (rev 31916)
+++ data/CVE/list   2015-02-02 21:16:27 UTC (rev 31917)
@@ -696,8 +696,14 @@
- php5 
NOTE: 
https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1
TODO: check
+CVE-2015- [off-by-one buffer under-read in mspack/lzxd.c]
+   - libmspack 0.5-1 (bug #775499)
+CVE-2014- [null pointer dereference on a crafted CAB]
+   - libmspack 0.5-1 (bug #774665)
+CVE-2015- [off-by-one buffer over-read in mspack/mszipd.c]
+   - libmspack 0.5-1 (bug #775498)
 CVE-2015- [CHM decompression: another pointer arithmetic overflow]
-   - libmspack  (bug #775687)
+   - libmspack 0.5-1 (bug #775687)
 CVE-2015- [multiple /tmp file vulnerabilities]
- kamailio 4.2.0-2 (bug #775681)
NOTE: https://github.com/kamailio/kamailio/issues/48




[Secure-testing-commits] r31918 - data/DSA

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-02 21:19:06 + (Mon, 02 Feb 2015)
New Revision: 31918

Modified:
   data/DSA/list
Log:
Add missing CVE reference for DSA-3149-1, Closes #776878

Modified: data/DSA/list
===
--- data/DSA/list   2015-02-02 21:16:27 UTC (rev 31917)
+++ data/DSA/list   2015-02-02 21:19:06 UTC (rev 31918)
@@ -2,6 +2,7 @@
{CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630}
[wheezy] - vlc 2.0.3-5+deb7u2
 [02 Feb 2015] DSA-3149-1 condor - security update
+   {CVE-2014-8126}
[wheezy] - condor 7.8.2~dfsg.1-1+deb7u3
 [31 Jan 2015] DSA-3148-1 chromium-browser - end of life
[wheezy] - chromium-browser 




[Secure-testing-commits] r31919 - data

2015-02-02 Thread Emmanuel Bouthenot
Author: kolter
Date: 2015-02-02 23:46:05 + (Mon, 02 Feb 2015)
New Revision: 31919

Modified:
   data/dla-needed.txt
Log:
Add sympa (for CVE-2015-1306) and take it

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-02-02 21:19:06 UTC (rev 31918)
+++ data/dla-needed.txt 2015-02-02 23:46:05 UTC (rev 31919)
@@ -62,6 +62,8 @@
 --
 squid
 --
+sympa (Emmanuel Bouthenot)
+--
 wireshark (Balint Reczey)
 --
 wordpress




[Secure-testing-commits] r31920 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 04:28:04 + (Tue, 03 Feb 2015)
New Revision: 31920

Modified:
   data/CVE/list
Log:
Add fixed version for phpbb3, CVE-2015-143{1,2}, #776699

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-02 23:46:05 UTC (rev 31919)
+++ data/CVE/list   2015-02-03 04:28:04 UTC (rev 31920)
@@ -19,12 +19,12 @@
[wheezy] - roundcube  (Minor issue)
[squeeze] - roundcube  (Minor issue)
 CVE-2015-1432 [phpbb3: CSRF]
-   - phpbb3  (low; bug #776699)
+   - phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3  (Minor issue)
[squeeze] - phpbb3  (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
 CVE-2015-1431 [phpbb3: css injection]
-   - phpbb3  (low; bug #776699)
+   - phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3  (Minor issue)
[squeeze] - phpbb3  (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531




[Secure-testing-commits] r31921 - in data: . DSA

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 05:50:02 + (Tue, 03 Feb 2015)
New Revision: 31921

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for python-django

Modified: data/DSA/list
===
--- data/DSA/list   2015-02-03 04:28:04 UTC (rev 31920)
+++ data/DSA/list   2015-02-03 05:50:02 UTC (rev 31921)
@@ -1,3 +1,6 @@
+[03 Feb 2015] DSA-3151-1 python-django - security update
+   {CVE-2015-0219 CVE-2015-0220 CVE-2015-0221}
+   [wheezy] - python-django 1.4.5-1+deb7u9
 [02 Feb 2015] DSA-3150-1 vlc - security update
{CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630}
[wheezy] - vlc 2.0.3-5+deb7u2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-03 04:28:04 UTC (rev 31920)
+++ data/dsa-needed.txt 2015-02-03 05:50:02 UTC (rev 31921)
@@ -50,9 +50,6 @@
 --
 phpmyadmin (thijs)
 --
-python-django (carnil)
-  NOTE: maintainer prepared an update, needs writing advisory and release 
package
---
 ruby1.8
 --
 ruby1.9.1




[Secure-testing-commits] r31922 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 06:00:29 + (Tue, 03 Feb 2015)
New Revision: 31922

Modified:
   data/CVE/list
Log:
Add CVE-2015-0313, NFU, concludes external check

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-03 05:50:02 UTC (rev 31921)
+++ data/CVE/list   2015-02-03 06:00:29 UTC (rev 31922)
@@ -4259,6 +4259,7 @@
RESERVED
 CVE-2015-0313
RESERVED
+   NOT-FOR-US: Adobe Flash
 CVE-2015-0312 (Double free vulnerability in Adobe Flash Player before 
13.0.0.264 and ...)
NOT-FOR-US: Adobe Flash
 CVE-2015-0311 (Unspecified vulnerability in Adobe Flash Player through 
13.0.0.262 and ...)




[Secure-testing-commits] r31923 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-03 06:17:55 + (Tue, 03 Feb 2015)
New Revision: 31923

Modified:
   data/CVE/list
Log:
moodle fixed
add entry for imagemagick tmp issues


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-03 06:00:29 UTC (rev 31922)
+++ data/CVE/list   2015-02-03 06:17:55 UTC (rev 31923)
@@ -1,3 +1,5 @@
+CVE-2014- [Multiple imagemagick bugs]
+   - imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2015- [net: DoS due to routing packets to too many different dsts/too 
fast]
- linux 
- linux-2.6 
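
Review bot: the new `CVE-2014- [Multiple imagemagick bugs]` entry at the top of the file has only a version and a bug number, with no NOTE giving a reference, and the bracketed title does not say which bugs are meant. Add a NOTE line pointing at the CVE request or upstream report so the entry can be matched or split once identifiers are assigned. The commit also mixes this new entry with two unrelated moodle version updates; separate commits would keep the log easier to follow.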
@@ -18722,7 +18724,7 @@
 CVE-2014-3619
RESERVED
 CVE-2014-3617 (The forum_print_latest_discussions function in 
mod/forum/lib.php in ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
 CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ...)
@@ -19015,7 +19017,7 @@
 CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in 
libndp ...)
- libndp 1.4-1 (bug #756389)
 CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x 
before ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.2-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
 CVE-2014-3552 (The Shibboleth authentication plugin in 
auth/shibboleth/index.php in ...)




[Secure-testing-commits] r31924 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 06:25:23 + (Tue, 03 Feb 2015)
New Revision: 31924

Modified:
   data/CVE/list
Log:
Add reference to CVE request(s), no reply from MITRE by now

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-03 06:17:55 UTC (rev 31923)
+++ data/CVE/list   2015-02-03 06:25:23 UTC (rev 31924)
@@ -1,5 +1,6 @@
 CVE-2014- [Multiple imagemagick bugs]
- imagemagick 8:6.8.9.9-4 (bug #773834)
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2014/12/24/1
 CVE-2015- [net: DoS due to routing packets to too many different dsts/too 
fast]
- linux 
- linux-2.6 
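
Review bot: the log says "CVE request(s)" but the hunk adds a single NOTE to an entry titled "Multiple imagemagick bugs". If more than one request was sent, give each URL its own NOTE line, so the temporary entry can be matched to the assigned ids when MITRE replies.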




[Secure-testing-commits] r31925 - data/CVE

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 07:08:05 + (Tue, 03 Feb 2015)
New Revision: 31925

Modified:
   data/CVE/list
Log:
MariaDB fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-03 06:25:23 UTC (rev 31924)
+++ data/CVE/list   2015-02-03 07:08:05 UTC (rev 31925)
@@ -3340,7 +3340,7 @@
 CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0431 (Unspecified vulnerability in the Oracle Transportation 
Management ...)
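
Review bot: in the CVE-2015-0432 entry, mysql-5.5 and mariadb-10.0 each carry a bug reference (#775881, #775882), but the percona-xtradb-cluster-5.5 line directly below the edited one has none. If that package is tracked for this issue, add its bug number; the same gap repeats in every entry this commit touches.
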
@@ -3396,7 +3396,7 @@
 CVE-2015-0411 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier, ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, 
JRockit ...)
@@ -3491,13 +3491,13 @@
 CVE-2015-0382 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0381 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0380 (Unspecified vulnerability in the Oracle Telecommunications 
Billing ...)
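
Review bot: both entries in this hunk (CVE-2015-0382, CVE-2015-0381) are marked fixed in mariadb-10.0 10.0.16-1, yet the only NOTE is Oracle's CPU page and the descriptions speak of "Oracle MySQL Server 5.5.40 and earlier". A NOTE naming the MariaDB release that carries each fix would back up the 10.0.16-1 version per CVE instead of relying on the log line "MariaDB fixed in unstable".
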
@@ -3519,7 +3519,7 @@
 CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0373 (Unspecified vulnerability in the OJVM component in Oracle 
Database ...)
@@ -11506,7 +11506,7 @@
 CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and 
earlier, ...)
{DSA-3135-1}
- mysql-5.5  (bug #775881)
-   - mariadb-10.0  (bug #775882)
+   - mariadb-10.0 10.0.16-1 (bug #775882)
- percona-xtradb-cluster-5.5 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)




[Secure-testing-commits] r31926 - data/CVE

2015-02-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2015-02-03 07:23:26 + (Tue, 03 Feb 2015)
New Revision: 31926

Modified:
   data/CVE/list
Log:
moodle fixes


Modified: data/CVE/list
===
--- data/CVE/list   2015-02-03 07:08:05 UTC (rev 31925)
+++ data/CVE/list   2015-02-03 07:23:26 UTC (rev 31926)
@@ -4795,7 +4795,7 @@
- linux-2.6 
NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441
 (v3.18-rc6)
 CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 
2.6.x ...)
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
NOTE: https://moodle.org/mod/forum/discuss.php?d=275146
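
Review bot: CVE-2014-9059 is recorded as fixed in 2.7.5+dfsg-1 against bug #775842, the same bug for which r31923 recorded 2.7.2-1 on CVE-2014-3617 and CVE-2014-3553. Confirm that each entry carries the first version containing its own fix rather than the version of the upload that closed the bug, and say in the log which it is.
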
@@ -5121,42 +5121,41 @@
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
 CVE-2015-0218
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278618#p1196684
 CVE-2015-0217
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278617#p1196683
 CVE-2015-0216
RESERVED
-   - moodle  (bug #775842)
-   [squeeze] - moodle  (Unsupported in squeeze-lts)
+   - moodle  (Only affects 2.8.x)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278616#p1196682
 CVE-2015-0215
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278615#p1196681
 CVE-2015-0214
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278614#p1196680
 CVE-2015-0213
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278613#p1196679
 CVE-2015-0212
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278612#p1196678
 CVE-2015-0211
RESERVED
-   - moodle  (bug #775842)
+   - moodle 2.7.5+dfsg-1 (bug #775842)
[squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
 CVE-2015-0210 [wpa_supplicant: broken certificate subject check]
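
Review bot: CVE-2015-0216 is the one entry in this hunk that loses both bug #775842 and its [squeeze] line in favour of "(Only affects 2.8.x)". State where the 2.8.x-only finding comes from (the forum post already in the NOTE, or a check of the packaged source), since the entry is still RESERVED and has no description to compare against.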




[Secure-testing-commits] r31927 - data

2015-02-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2015-02-03 07:37:17 + (Tue, 03 Feb 2015)
New Revision: 31927

Modified:
   data/next-point-update.txt
Log:
Add CVE-2014-9328/clamav for next point update

Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2015-02-03 07:23:26 UTC (rev 31926)
+++ data/next-point-update.txt  2015-02-03 07:37:17 UTC (rev 31927)
@@ -19,3 +19,5 @@
[wheezy] - fso-gsmd 0.11.3-2+deb7u1
[wheezy] - fso-usaged 0.11.0-1+deb7u1
[wheezy] - phonefsod 0.1+git20110827-3+deb7u1
+CVE-2014-9328
+   [wheezy] - clamav 0.98.6+dfsg-0+deb7u1
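
Review bot: the new CVE-2014-9328 entry gives only the target version 0.98.6+dfsg-0+deb7u1, and the log carries no bug number or point-update request for it. The "-0+deb7u1" revision suggests a new upstream version going into wheezy rather than a targeted patch; if so, say that in the log and reference the tracking bug so the entry can be cleared once the point release is out.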

