[Secure-testing-commits] r38998 - data/CVE
Author: sectracker Date: 2016-01-18 09:10:20 + (Mon, 18 Jan 2016) New Revision: 38998 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-18 07:57:08 UTC (rev 38997) +++ data/CVE/list 2016-01-18 09:10:20 UTC (rev 38998) @@ -11020,6 +11020,7 @@ TODO: check CVE-2015-6360 RESERVED + {DLA-393-1} [experimental] - srtp 1.5.3~dfsg-1 - srtp (bug #807698) NOTE: Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38999 - data/CVE
Author: carnil Date: 2016-01-18 10:13:20 + (Mon, 18 Jan 2016) New Revision: 38999 Modified: data/CVE/list Log: CVE-2016-0724/moodle fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-01-18 09:10:20 UTC (rev 38998) +++ data/CVE/list 2016-01-18 10:13:20 UTC (rev 38999) @@ -3304,7 +3304,7 @@ NOTE: http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52552 CVE-2016-0724 [Two enrolment-related web services don't check course visibility] RESERVED - - moodle (bug #811344) + - moodle 2.7.12+dfsg-1 (bug #811344) NOTE: http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52072 CVE-2016-0723 [use-after-free in TIOCGETD ioctl] RESERVED
[Secure-testing-commits] r39000 - data
Author: apo-guest Date: 2016-01-18 17:19:22 + (Mon, 18 Jan 2016) New Revision: 39000 Modified: data/dla-needed.txt Log: Claim radicale in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-18 10:13:20 UTC (rev 38999) +++ data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000) @@ -44,7 +44,7 @@ pound NOTE: updating to the wheezy option might be less error prone -- -radicale +radicale (Markus Koschany) -- tiff --
[Secure-testing-commits] r39001 - in data: . DLA
Author: alteholz Date: 2016-01-18 18:45:34 + (Mon, 18 Jan 2016) New Revision: 39001 Modified: data/DLA/list data/dla-needed.txt Log: passenger done Modified: data/DLA/list === --- data/DLA/list 2016-01-18 17:19:22 UTC (rev 39000) +++ data/DLA/list 2016-01-18 18:45:34 UTC (rev 39001) @@ -1,3 +1,6 @@ +[18 Jan 2016] DLA-394-1 passenger - security update + {CVE-2015-7519} + [squeeze] - passenger 2.2.11debian-2+deb6u1 [17 Jan 2016] DLA-393-1 srtp - security update {CVE-2015-6360} [squeeze] - srtp 1.4.4~dfsg-6+deb6u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000) +++ data/dla-needed.txt 2016-01-18 18:45:34 UTC (rev 39001) @@ -35,9 +35,6 @@ -- openssh (Guido Günther) -- -passenger (Thorsten Alteholz) - NOTE: code is in ext/apache2/Hooks.cpp:sendHeaders() --- php5 (Thorsten Alteholz) NOTE: next upload end of December --
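Review bot: The data/dla-needed.txt hunk removes the passenger entry together with its NOTE that the code is in ext/apache2/Hooks.cpp:sendHeaders(), and the new DLA-394-1 entry in data/DLA/list has no place to carry that pointer. If the location is still useful to anyone comparing the squeeze fix with upstream, move it into a NOTE on the CVE-2015-7519 entry in data/CVE/list rather than dropping it with the claim.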
[Secure-testing-commits] r39002 - data/CVE
Author: alteholz Date: 2016-01-18 18:47:27 + (Mon, 18 Jan 2016) New Revision: 39002 Modified: data/CVE/list Log: moodle not supported in Squeeze Modified: data/CVE/list === --- data/CVE/list 2016-01-18 18:45:34 UTC (rev 39001) +++ data/CVE/list 2016-01-18 18:47:27 UTC (rev 39002) @@ -3301,10 +3301,12 @@ CVE-2016-0725 [XSS Vulnerability in course management search] RESERVED - moodle (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9) + [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52552 CVE-2016-0724 [Two enrolment-related web services don't check course visibility] RESERVED - moodle 2.7.12+dfsg-1 (bug #811344) + [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52072 CVE-2016-0723 [use-after-free in TIOCGETD ioctl] RESERVED
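Review bot: In the CVE-2016-0725 entry, the added "[squeeze] - moodle (Unsupported in squeeze-lts)" line sits under a package line that already limits the issue to 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9. If the squeeze version predates 2.8, recording squeeze as not affected would be more accurate than unsupported; the same line added under CVE-2016-0724 has no such version range above it and reads fine.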
[Secure-testing-commits] r39003 - data/CVE
Author: carnil Date: 2016-01-18 19:06:22 + (Mon, 18 Jan 2016) New Revision: 39003 Modified: data/CVE/list Log: Add two new CVEs for openjpeg2 Modified: data/CVE/list === --- data/CVE/list 2016-01-18 18:47:27 UTC (rev 39002) +++ data/CVE/list 2016-01-18 19:06:22 UTC (rev 39003) @@ -1,6 +1,12 @@ CVE-2016- [Multiple minor security issues] - imagemagick 8:6.8.9.9-7 (bug #811308) TODO: check, needs possibly CVEs +CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address] + - openjpeg2 + TODO: check +CVE-2016-1923 [opj_j2k_update_image_data: AddressSanitizer: heap-buffer-overflow READ of size 4] + - openjpeg2 + TODO: check CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3] NOT-FOR-US: KNOX 1.0 / Android 4.3 CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3]
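Review bot: Both added openjpeg2 entries (CVE-2016-1924 and CVE-2016-1923) carry only "TODO: check" and no NOTE with a reference, so whoever picks up the TODO has nothing to start from except the sanitizer crash titles in the brackets. A NOTE with the upstream report URL on each entry would identify the reproducer for opj_tgt_reset and opj_j2k_update_image_data, and a Debian bug number on the "- openjpeg2" lines would match the imagemagick entry directly above.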
[Secure-testing-commits] r39004 - data/CVE
Author: carnil Date: 2016-01-18 19:11:00 + (Mon, 18 Jan 2016) New Revision: 39004 Modified: data/CVE/list Log: Add CVE-2016-1925/lha, non-free Modified: data/CVE/list === --- data/CVE/list 2016-01-18 19:06:22 UTC (rev 39003) +++ data/CVE/list 2016-01-18 19:11:00 UTC (rev 39004) @@ -1,6 +1,9 @@ CVE-2016- [Multiple minor security issues] - imagemagick 8:6.8.9.9-7 (bug #811308) TODO: check, needs possibly CVEs +CVE-2016-1925 [Improper handling of length parameter inconsitency] + - lha (unimportant) + NOTE: Non-free not supported CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address] - openjpeg2 TODO: check
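Review bot: The description on the added CVE-2016-1925 line misspells "inconsistency" as "inconsitency", which will make the entry miss text searches on the correct word. The entry also gives "Non-free not supported" as its only NOTE, so the "(unimportant)" rating on the "- lha" line rests on the archive section rather than on the issue itself; a second NOTE with a reference to the report would let readers judge the length-handling problem on its merits.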
[Secure-testing-commits] r39007 - data/DLA
Author: sunweaver Date: 2016-01-19 02:44:46 + (Tue, 19 Jan 2016) New Revision: 39007 Modified: data/DLA/list Log: Reserve DLA-385-2 for isc-dhcp Modified: data/DLA/list === --- data/DLA/list 2016-01-18 22:47:24 UTC (rev 39006) +++ data/DLA/list 2016-01-19 02:44:46 UTC (rev 39007) @@ -1,3 +1,6 @@ +[19 Jan 2016] DLA-385-2 isc-dhcp - regression update + {CVE-2015-8605} + [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze10 [18 Jan 2016] DLA-394-1 passenger - security update {CVE-2015-7519} [squeeze] - passenger 2.2.11debian-2+deb6u1
[Secure-testing-commits] r39006 - data/CVE
Author: mgilbert Date: 2016-01-18 22:47:24 + (Mon, 18 Jan 2016) New Revision: 39006 Modified: data/CVE/list Log: chromium issue fixed Modified: data/CVE/list === --- data/CVE/list 2016-01-18 21:10:17 UTC (rev 39005) +++ data/CVE/list 2016-01-18 22:47:24 UTC (rev 39006) @@ -9944,7 +9944,7 @@ CVE-2015-6793 RESERVED CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does not ...) - - chromium-browser + - chromium-browser 47.0.2526.111-1 [wheezy] - chromium-browser [squeeze] - chromium-browser NOTE: http://googlechromereleases.blogspot.de/2015/12/stable-channel-update_15.html
[Secure-testing-commits] r39005 - data/CVE
Author: sectracker Date: 2016-01-18 21:10:17 + (Mon, 18 Jan 2016) New Revision: 39005 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-18 19:11:00 UTC (rev 39004) +++ data/CVE/list 2016-01-18 21:10:17 UTC (rev 39005) @@ -8031,6 +8031,7 @@ CVE-2015-7520 RESERVED CVE-2015-7519 (agent/Core/Controller/SendRequest.cpp in Phusion Passenger before ...) + {DLA-394-1} - passenger 5.0.22-1 (bug #807354) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281 NOTE: https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e