[Secure-testing-commits] r38835 - data/CVE
Author: carnil Date: 2016-01-11 05:15:44 + (Mon, 11 Jan 2016) New Revision: 38835 Modified: data/CVE/list Log: Fix description for CVE-2016-0723 (otherwise gets lost on automatic update) Note for reviewers of this commit () is for descriptions which get autoupdates. If no CVE description from mitre is available [ ] is used to not let the entry be autoupdated/emptied. Modified: data/CVE/list === --- data/CVE/list 2016-01-11 01:37:41 UTC (rev 38834) +++ data/CVE/list 2016-01-11 05:15:44 UTC (rev 38835) @@ -2418,7 +2418,7 @@ RESERVED CVE-2016-0724 RESERVED -CVE-2016-0723 (use-after-free in TIOCGETD ioctl) +CVE-2016-0723 [use-after-free in TIOCGETD ioctl] - linux - linux-2.6 NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38836 - data
Author: carnil Date: 2016-01-11 05:39:41 + (Mon, 11 Jan 2016) New Revision: 38836 Modified: data/dsa-needed.txt Log: Add note for cacti Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-11 05:15:44 UTC (rev 38835) +++ data/dsa-needed.txt 2016-01-11 05:39:41 UTC (rev 38836) @@ -20,6 +20,7 @@ For jessie-security compat layer for PackageKit needs to be dropped -- cacti + Maintainer proposed debdiffs, needs review and ack -- icedtea-web -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38834 - in data: . DLA
Author: benh Date: 2016-01-11 01:37:41 + (Mon, 11 Jan 2016) New Revision: 38834 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-382-1 for sudo Modified: data/DLA/list === --- data/DLA/list 2016-01-11 01:28:52 UTC (rev 38833) +++ data/DLA/list 2016-01-11 01:37:41 UTC (rev 38834) @@ -1,3 +1,6 @@ +[11 Jan 2016] DLA-382-1 sudo - security update + {CVE-2015-5602} + [squeeze] - sudo 1.7.4p4-2.squeeze.6 [10 Jan 2016] DLA-381-1 icu - security update {CVE-2015-2632} [squeeze] - icu 4.4.1-8+squeeze5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-11 01:28:52 UTC (rev 38833) +++ data/dla-needed.txt 2016-01-11 01:37:41 UTC (rev 38834) @@ -46,10 +46,6 @@ -- srtp (Thorsten Alteholz) -- -sudo (Ben Hutchings) - NOTE: Maintainer wants to review the updated package: - https://lists.debian.org/87fv0hmref@rover.gag.com --- tiff (Mike Gabriel) -- cacti (Chris Lamb) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38833 - data/CVE
Author: benh Date: 2016-01-11 01:28:52 + (Mon, 11 Jan 2016) New Revision: 38833 Modified: data/CVE/list Log: Add details of CVE-2016-0723 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 21:18:18 UTC (rev 38832) +++ data/CVE/list 2016-01-11 01:28:52 UTC (rev 38833) @@ -2418,8 +2418,10 @@ RESERVED CVE-2016-0724 RESERVED -CVE-2016-0723 - RESERVED +CVE-2016-0723 (use-after-free in TIOCGETD ioctl) + - linux + - linux-2.6 + NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html CVE-2016-0722 RESERVED CVE-2016-0721 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38832 - in data: . DLA
Author: santiago Date: 2016-01-10 21:18:18 + (Sun, 10 Jan 2016) New Revision: 38832 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-381-1 for icu Modified: data/DLA/list === --- data/DLA/list 2016-01-10 21:10:10 UTC (rev 38831) +++ data/DLA/list 2016-01-10 21:18:18 UTC (rev 38832) @@ -1,3 +1,6 @@ +[10 Jan 2016] DLA-381-1 icu - security update + {CVE-2015-2632} + [squeeze] - icu 4.4.1-8+squeeze5 [04 Jan 2016] DLA-374-3 cacti - regression update [squeeze] - cacti 0.8.7g-1+squeeze9+deb6u13 [04 Jan 2016] DLA-380-1 libvncserver - security update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-10 21:10:10 UTC (rev 38831) +++ data/dla-needed.txt 2016-01-10 21:18:18 UTC (rev 38832) @@ -18,8 +18,6 @@ -- giflib (Guido Günther) -- -icu (Santiago R.R.) --- inspircd (Ben Hutchings) -- libraw ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38831 - data/CVE
Author: sectracker Date: 2016-01-10 21:10:10 + (Sun, 10 Jan 2016) New Revision: 38831 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-10 21:09:34 UTC (rev 38830) +++ data/CVE/list 2016-01-10 21:10:10 UTC (rev 38831) @@ -1041,10 +1041,12 @@ RESERVED CVE-2016-1232 [Fix use of weak PRNG in generation of dialback secrets] RESERVED + {DSA-3439-1} - prosody 0.9.9-1 NOTE: https://prosody.im/security/advisory_20160108-2/ CVE-2016-1231 [Fix path traversal vulnerability in mod_http_files] RESERVED + {DSA-3439-1} - prosody 0.9.9-1 NOTE: https://prosody.im/security/advisory_20160108-1/ CVE-2016-1230 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38830 - data
Author: elbrus Date: 2016-01-10 21:09:34 + (Sun, 10 Jan 2016) New Revision: 38830 Modified: data/dla-needed.txt Log: dla: add note to cacti and myself to dbconfig-common Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-10 20:47:34 UTC (rev 38829) +++ data/dla-needed.txt 2016-01-10 21:09:34 UTC (rev 38830) @@ -13,7 +13,7 @@ -- claws-mail (Ben Hutchings) -- -dbconfig-common +dbconfig-common (Paul Gevers) NOTE: maintainer should take care of this, cf https://lists.debian.org/565626bf.2010...@debian.org -- giflib (Guido Günther) @@ -55,6 +55,8 @@ tiff (Mike Gabriel) -- cacti (Chris Lamb) + NOTE: CVE-2015-8377 fix was incomplete: + https://lists.debian.org/debian-lts/2016/01/msg00023.html NOTE: not the same as CVE-2015-8377 -- gajim ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
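Review bot: In the cacti entry of the second hunk, the added "NOTE: CVE-2015-8377 fix was incomplete:" now sits directly above the existing "NOTE: not the same as CVE-2015-8377", and read together the two notes are ambiguous about which issue is the incomplete fix and which is the separate one. Suggest merging or rewording them so each note names the issue it describes.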
[Secure-testing-commits] r38829 - data
Author: elbrus Date: 2016-01-10 20:47:34 + (Sun, 10 Jan 2016) New Revision: 38829 Modified: data/embedded-code-copies Log: Embedded copies: libjs-query update fixed cacti version and pasdoc version Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-01-10 18:59:44 UTC (rev 38828) +++ data/embedded-code-copies 2016-01-10 20:47:34 UTC (rev 38829) @@ -1000,10 +1000,9 @@ - request-tracker4 (embed; bug #693821) - otrs2 (embed) NOTE: Embeds jquery 1.10 - - cacti (embed) - NOTE: Embeds jquery 1.10.2 + - cacti 0.8.8f+ds1-4 (embed) - pasdoc (embed) - NOTE: Embeds jquery 1.7.1 + NOTE: Embeds jquery 2.0.0 jquery-goodies - horizon (embed) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
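Review bot: The pasdoc line changes the embedded version from "NOTE: Embeds jquery 1.7.1" to "NOTE: Embeds jquery 2.0.0" without saying which pasdoc package version was inspected, whereas the cacti line in the same hunk records an exact version (0.8.8f+ds1-4). Suggest adding the pasdoc version that was checked to the NOTE so the claim can be verified later.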
[Secure-testing-commits] r38828 - data
Author: carnil Date: 2016-01-10 18:59:44 + (Sun, 10 Jan 2016) New Revision: 38828 Modified: data/next-point-update.txt Log: More pcre3 CVEs for next jessie point release Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-01-10 18:22:47 UTC (rev 38827) +++ data/next-point-update.txt 2016-01-10 18:59:44 UTC (rev 38828) @@ -107,3 +107,33 @@ [jessie] - owncloud 7.0.4+dfsg-4~deb8u4 CVE-2016-1501 [jessie] - owncloud 7.0.4+dfsg-4~deb8u4 +CVE-2015-2328 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8382 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8383 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8385 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8386 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8387 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8380 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8389 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8390 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8391 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8392 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8393 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8394 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8381 + [jessie] - pcre3 2:8.35-3.3+deb8u2 +CVE-2015-8395 + [jessie] - pcre3 2:8.35-3.3+deb8u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
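Review bot: The added pcre3 block is out of numeric order and has gaps: CVE-2015-8380 sits after CVE-2015-8387 and CVE-2015-8381 after CVE-2015-8394, while CVE-2015-8384 and CVE-2015-8388 do not appear anywhere in the run from 8380 to 8395. Please confirm the two omissions are intentional, and consider sorting the entries so a missing id is easy to spot.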
[Secure-testing-commits] r38827 - data/CVE
Author: carnil Date: 2016-01-10 18:22:47 + (Sun, 10 Jan 2016) New Revision: 38827 Modified: data/CVE/list Log: CVE-2015-8557/pygments fixed in unstable, #802828 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 17:48:09 UTC (rev 38826) +++ data/CVE/list 2016-01-10 18:22:47 UTC (rev 38827) @@ -2641,7 +2641,7 @@ CVE-2015-8557 [Shell Injection in Pygments FontManager._get_nix_font_path] RESERVED {DLA-369-1} - - pygments (bug #802828) + - pygments 2.0.1+dfsg-2 (bug #802828) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321 NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38826 - data/CVE
Author: carnil Date: 2016-01-10 17:48:09 + (Sun, 10 Jan 2016) New Revision: 38826 Modified: data/CVE/list Log: CVE-2016-1569/firebird2.5 assigned Modified: data/CVE/list === --- data/CVE/list 2016-01-10 16:33:24 UTC (rev 38825) +++ data/CVE/list 2016-01-10 17:48:09 UTC (rev 38826) @@ -1,10 +1,10 @@ -CVE-2016- [gbak with invalid parameter crashes FireBird] +CVE-2016-1569 [gbak with invalid parameter crashes FireBird] - firebird2.5 2.5.5.26952.ds4-3 (bug #810599) [jessie] - firebird2.5 (Issue introduced in 2.5.5) [wheezy] - firebird2.5 (Issue introduced in 2.5.5) [squeeze] - firebird2.5 (Issue introduced in 2.5.5) NOTE: http://tracker.firebirdsql.org/browse/CORE-5068 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/10/2 + NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2 CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands] - qemu 1:2.5+dfsg-2 (bug #810527) [squeeze] - qemu (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38825 - data/CVE
Author: carnil Date: 2016-01-10 16:33:24 + (Sun, 10 Jan 2016) New Revision: 38825 Modified: data/CVE/list Log: Add bug references for dhcpcd5 issues, #810620, #810621 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 16:02:51 UTC (rev 38824) +++ data/CVE/list 2016-01-10 16:33:24 UTC (rev 38825) @@ -154,14 +154,14 @@ NOTE: Introduced in 1.4.36: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976 CVE-2016-1503 [heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values] RESERVED - - dhcpcd5 + - dhcpcd5 (bug #810621) - dhcpcd NOTE: http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/3 TODO: check affected versions CVE-2016-1504 [invalid read/crash via malformed dhcp responses] RESERVED - - dhcpcd5 + - dhcpcd5 (bug #810620) - dhcpcd NOTE: http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
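Review bot: Only the "- dhcpcd5" lines gain bug references; the "- dhcpcd" lines under both CVE-2016-1503 and CVE-2016-1504 still have no bug number or status, and "TODO: check affected versions" remains on the first entry. If the dhcpcd source package is affected as well, it needs its own bug reference; if not, it should be marked accordingly.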
[Secure-testing-commits] r38824 - data/CVE
Author: carnil Date: 2016-01-10 16:02:51 + (Sun, 10 Jan 2016) New Revision: 38824 Modified: data/CVE/list Log: Add fixed version for firebird2.5, #810599 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 15:10:13 UTC (rev 38823) +++ data/CVE/list 2016-01-10 16:02:51 UTC (rev 38824) @@ -1,5 +1,5 @@ CVE-2016- [gbak with invalid parameter crashes FireBird] - - firebird2.5 (bug #810599) + - firebird2.5 2.5.5.26952.ds4-3 (bug #810599) [jessie] - firebird2.5 (Issue introduced in 2.5.5) [wheezy] - firebird2.5 (Issue introduced in 2.5.5) [squeeze] - firebird2.5 (Issue introduced in 2.5.5) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38823 - data
Author: carnil Date: 2016-01-10 15:10:13 + (Sun, 10 Jan 2016) New Revision: 38823 Modified: data/dsa-needed.txt Log: Take pygments Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-10 14:38:08 UTC (rev 38822) +++ data/dsa-needed.txt 2016-01-10 15:10:13 UTC (rev 38823) @@ -53,7 +53,7 @@ -- pdns/oldstable -- -pygments +pygments (carnil) -- qemu -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38822 - data/CVE
Author: carnil Date: 2016-01-10 14:38:08 + (Sun, 10 Jan 2016) New Revision: 38822 Modified: data/CVE/list Log: Add CVE request reference for firebird2.5 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 14:31:24 UTC (rev 38821) +++ data/CVE/list 2016-01-10 14:38:08 UTC (rev 38822) @@ -4,6 +4,7 @@ [wheezy] - firebird2.5 (Issue introduced in 2.5.5) [squeeze] - firebird2.5 (Issue introduced in 2.5.5) NOTE: http://tracker.firebirdsql.org/browse/CORE-5068 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/10/2 CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands] - qemu 1:2.5+dfsg-2 (bug #810527) [squeeze] - qemu (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38821 - data/CVE
Author: carnil Date: 2016-01-10 14:31:24 + (Sun, 10 Jan 2016) New Revision: 38821 Modified: data/CVE/list Log: Add new issue in firebird2.5, #810599 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 14:16:39 UTC (rev 38820) +++ data/CVE/list 2016-01-10 14:31:24 UTC (rev 38821) @@ -1,3 +1,9 @@ +CVE-2016- [gbak with invalid parameter crashes FireBird] + - firebird2.5 (bug #810599) + [jessie] - firebird2.5 (Issue introduced in 2.5.5) + [wheezy] - firebird2.5 (Issue introduced in 2.5.5) + [squeeze] - firebird2.5 (Issue introduced in 2.5.5) + NOTE: http://tracker.firebirdsql.org/browse/CORE-5068 CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands] - qemu 1:2.5+dfsg-2 (bug #810527) [squeeze] - qemu (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38820 - data/CVE
Author: carnil Date: 2016-01-10 14:16:39 + (Sun, 10 Jan 2016) New Revision: 38820 Modified: data/CVE/list Log: Two CVEs fixed in unstable for cacti Modified: data/CVE/list === --- data/CVE/list 2016-01-10 14:15:28 UTC (rev 38819) +++ data/CVE/list 2016-01-10 14:16:39 UTC (rev 38820) @@ -659,7 +659,7 @@ TODO: check CVE-2015-8604 [SQL Injection in graphs_new.php] RESERVED - - cacti + - cacti 0.8.8f+ds1-4 NOTE: http://bugs.cacti.net/view.php?id=2652 NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8 CVE-2016-1282 @@ -4487,7 +4487,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6 CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in ...) {DLA-374-1} - - cacti + - cacti 0.8.8f+ds1-4 NOTE: http://bugs.cacti.net/view.php?id=2655 NOTE: http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt CVE-2015- [Avoid unbounded SFTP extended attribute key/values] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38819 - data/CVE
Author: carnil Date: 2016-01-10 14:15:28 + (Sun, 10 Jan 2016) New Revision: 38819 Modified: data/CVE/list Log: prosody fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-01-10 12:23:02 UTC (rev 38818) +++ data/CVE/list 2016-01-10 14:15:28 UTC (rev 38819) @@ -1034,11 +1034,11 @@ RESERVED CVE-2016-1232 [Fix use of weak PRNG in generation of dialback secrets] RESERVED - - prosody + - prosody 0.9.9-1 NOTE: https://prosody.im/security/advisory_20160108-2/ CVE-2016-1231 [Fix path traversal vulnerability in mod_http_files] RESERVED - - prosody + - prosody 0.9.9-1 NOTE: https://prosody.im/security/advisory_20160108-1/ CVE-2016-1230 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38818 - data
Author: santiago Date: 2016-01-10 12:23:02 + (Sun, 10 Jan 2016) New Revision: 38818 Modified: data/dla-needed.txt Log: Claim icu in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-10 10:28:58 UTC (rev 38817) +++ data/dla-needed.txt 2016-01-10 12:23:02 UTC (rev 38818) @@ -18,7 +18,7 @@ -- giflib (Guido Günther) -- -icu +icu (Santiago R.R.) -- inspircd (Ben Hutchings) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38817 - data/CVE
Author: carnil Date: 2016-01-10 10:28:58 + (Sun, 10 Jan 2016) New Revision: 38817 Modified: data/CVE/list Log: Remove TODO item for CVE-2015-7558 Modified: data/CVE/list === --- data/CVE/list 2016-01-10 10:27:21 UTC (rev 38816) +++ data/CVE/list 2016-01-10 10:28:58 UTC (rev 38817) @@ -6975,7 +6975,6 @@ RESERVED - librsvg 2.40.12-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243 - TODO: check CVE-2015-7557 [Out-of-bounds heap read in librsvg2 was found when parsing SVG file] RESERVED - librsvg 2.40.9-2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38816 - data/CVE
Author: carnil Date: 2016-01-10 10:27:21 + (Sun, 10 Jan 2016) New Revision: 38816 Modified: data/CVE/list Log: Update CVE-2015-7557/librsvg Modified: data/CVE/list === --- data/CVE/list 2016-01-10 09:48:20 UTC (rev 38815) +++ data/CVE/list 2016-01-10 10:27:21 UTC (rev 38816) @@ -6978,9 +6978,9 @@ TODO: check CVE-2015-7557 [Out-of-bounds heap read in librsvg2 was found when parsing SVG file] RESERVED - - librsvg - NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df - TODO: check + - librsvg 2.40.9-2 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=738050 (not public accessible) + NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7) CVE-2015-7556 RESERVED CVE-2015-7555 [Heap-based buffer overflow in giffix utility] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
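Review bot: The new fixed version "- librsvg 2.40.9-2" does not line up with the "(2.40.7)" annotation on the upstream commit NOTE in the same entry. Was there a Debian upload between 2.40.7 and 2.40.9-2 that already carried the fix? If so, that upload should be the recorded version. Separately, "not public accessible" in the bugzilla NOTE should read "not publicly accessible".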
[Secure-testing-commits] r38815 - in data: . DSA
Author: carnil Date: 2016-01-10 09:48:20 + (Sun, 10 Jan 2016) New Revision: 38815 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for prosody Modified: data/DSA/list === --- data/DSA/list 2016-01-10 09:38:24 UTC (rev 38814) +++ data/DSA/list 2016-01-10 09:48:20 UTC (rev 38815) @@ -1,3 +1,7 @@ +[10 Jan 2016] DSA-3439-1 prosody - security update + {CVE-2016-1231 CVE-2016-1232} + [wheezy] - prosody 0.8.2-4+deb7u3 + [jessie] - prosody 0.9.7-2+deb8u2 [09 Jan 2016] DSA-3438-1 xscreensaver - security update {CVE-2015-8025} [wheezy] - xscreensaver 5.15-3+deb7u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-10 09:38:24 UTC (rev 38814) +++ data/dsa-needed.txt 2016-01-10 09:48:20 UTC (rev 38815) @@ -53,9 +53,6 @@ -- pdns/oldstable -- -prosody (carnil) - Maintainer prepared update for jessie, wheezy pending --- pygments -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38814 - data/CVE
Author: carnil Date: 2016-01-10 09:38:24 + (Sun, 10 Jan 2016) New Revision: 38814 Modified: data/CVE/list Log: Four more CVEs addressed in qemu upload to unstable Modified: data/CVE/list === --- data/CVE/list 2016-01-10 09:10:12 UTC (rev 38813) +++ data/CVE/list 2016-01-10 09:38:24 UTC (rev 38814) @@ -976,7 +976,7 @@ NOTE: http://www.inspircd.org/2015/04/16/v2019-released.html CVE-2015-8701 [net: rocker: fix an incorrect array bounds check] RESERVED - - qemu (bug #809313) + - qemu 1:2.5+dfsg-3 (bug #809313) [jessie] - qemu (Vulnerable code introduced after qemu 2.3) [wheezy] - qemu (Vulnerable code introduced after qemu 2.3) [squeeze] - qemu (Vulnerable code introduced after qemu 2.3) @@ -1903,7 +1903,7 @@ RESERVED CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info] RESERVED - - qemu (bug #809232) + - qemu 1:2.5+dfsg-3 (bug #809232) [wheezy] - qemu (Vulnerable code not present) [squeeze] - qemu (Vulnerable code not present) - qemu-kvm (Vulnerable code not present) @@ -2601,7 +2601,7 @@ NOTE: https://lkml.org/lkml/2015/12/14/252 CVE-2015-8568 [net: vmxnet3: host memory leakage -- did not free the transmit & receive buffers while deactivating] RESERVED - - qemu (bug #808145) + - qemu 1:2.5+dfsg-3 (bug #808145) [wheezy] - qemu (Vulnerable code not present) [squeeze] - qemu (Vulnerable code not present) - qemu-kvm (Vulnerable code not present) @@ -2609,7 +2609,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4 CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it] RESERVED - - qemu (bug #808145) + - qemu 1:2.5+dfsg-3 (bug #808145) [wheezy] - qemu (Vulnerable code not present) [squeeze] - qemu (Vulnerable code not present) - qemu-kvm (Vulnerable code not present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38813 - data/CVE
Author: sectracker Date: 2016-01-10 09:10:12 + (Sun, 10 Jan 2016) New Revision: 38813 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-10 07:16:29 UTC (rev 38812) +++ data/CVE/list 2016-01-10 09:10:12 UTC (rev 38813) @@ -5586,7 +5586,7 @@ - cinnamon-settings-daemon NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3 CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly ...) - {DLA-338-1} + {DSA-3438-1 DLA-338-1} - xscreensaver 5.34-1 (bug #802914) NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits